Brief description of the packet capture process:
Set up filtering
At the cmd command prompt, enter: ftp 10.41.1.2
Data analysis:
In the packets captured by Wireshark, the first three are TCP packets and the fourth is FTP, which shows that the connection is indeed established over TCP.
The first handshake:
The client sends a TCP request packet with the SYN flag set to 1 and sequence number 0.
Sequence number: 0
Acknowledgment: 0
SYN: 1
Second handshake:
The target machine receives the message and sends a confirmation packet back to the client. Both SYN and ACK are 1, the sequence number is 0, and the acknowledgment number is the received sequence number plus 1, that is, 1.
Sequence number: 0
Acknowledgment: 1
ACK: 1
SYN: 1
The third handshake:
After receiving the packet from the target machine, the client checks that the acknowledgment number is correct (the sequence number it sent the first time plus 1) and that ACK is 1. It then sends a confirmation packet to the server with the SYN flag set to 0 and the ACK flag set to 1. The acknowledgment number is the received sequence number plus 1, and the sequence number is the received acknowledgment number.
Sequence number: 1
Acknowledgment: 1
ACK: 1
SYN: 0
In this way, after three handshakes, the connection is established and the FTP data transmission starts.
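The checks described above, written as an added Python example (not part of the original walkthrough): it parses three raw TCP headers and verifies the flag, sequence number and acknowledgment number relationships of the handshake. The 0 and 1 values Wireshark displays are relative sequence numbers; on the wire each side chooses a 32-bit initial sequence number (ISN), so the client port and ISNs below are constructed sample values.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2**32  # sequence numbers are 32-bit and wrap around

def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (window/checksum are dummy sample values)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)

def parse_tcp(raw):
    """Extract the fields the walkthrough reads off in Wireshark."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK)}

def check_handshake(raw_packets):
    """Return (valid, relative) for a SYN, SYN/ACK, ACK triple.

    relative holds (seq, ack) per packet, rebased on each side's initial
    sequence number the way Wireshark displays them.
    """
    p1, p2, p3 = (parse_tcp(r) for r in raw_packets)
    c_isn, s_isn = p1["seq"], p2["seq"]
    valid = (
        p1["syn"] and not p1["ack_flag"]              # 1st: SYN only
        and p2["syn"] and p2["ack_flag"]              # 2nd: SYN + ACK
        and p2["ack"] == (c_isn + 1) % MOD            # acks client ISN + 1
        and not p3["syn"] and p3["ack_flag"]          # 3rd: ACK only
        and p3["seq"] == p2["ack"]                    # seq = received ack number
        and p3["ack"] == (s_isn + 1) % MOD            # acks server ISN + 1
        and (p1["sport"], p1["dport"]) == (p2["dport"], p2["sport"])
        and (p3["sport"], p3["dport"]) == (p1["sport"], p1["dport"])
    )
    relative = [(0, p1["ack"]),
                (0, (p2["ack"] - c_isn) % MOD),
                ((p3["seq"] - c_isn) % MOD, (p3["ack"] - s_isn) % MOD)]
    return valid, relative

# Constructed sample: client port 49152 -> FTP control port 21. The server ISN
# is 0xFFFFFFFF so that the final acknowledgment number wraps around to 0.
C_ISN, S_ISN = 0x9A3F21C4, 0xFFFFFFFF
SAMPLE = [
    tcp_header(49152, 21, C_ISN, 0, SYN),
    tcp_header(21, 49152, S_ISN, C_ISN + 1, SYN | ACK),
    tcp_header(49152, 21, C_ISN + 1, 0, ACK),
]

if __name__ == "__main__":
    print(check_handshake(SAMPLE))
```

The relative values it returns match the three field listings above even though the raw acknowledgment number in the last packet is 0 because of wraparound.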