Unformatted text preview: net> quit Connection closed. The telnet command establishes a TCP connection with the host bsdi on the port corresponding to the discard service (Section 1.12). This is exactly the type of service we need to see what happens when a connection is established and terminated, without having the server initiate any data exchange. tcpdump Output Figure 18.1 shows the tcpdump output for the segments generated by this command. 1 0.0 svr4.1037 > bsdi.discard: S 1415531521:1415531521(0) win 4096 <mss 1024> file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/tcp_conn.htm (1 of 37) [12/09/2001 14.47.15] Chapter 18. TCP Connection Establishment and Termination 2 3 0.007224 (0.0048) 4 4.155441 (4.1482) 5 4.156747 (0.0013) 6 4.158144 (0.0014) 7 bsdi.discard > svr4.1037: S 1823083521:1823083521(0) ack 1415531522 win 4096 <mss 1024> svr4.1037 > bsdi.discard: ack 1823083522 win 4096 svr4.1037 > bsdi.discard: F 1415531522:1415531522(0) ack 1823083522 win 4096 bsdi.discard > svr4.1037: . ack 1415531523 win 4096 bsdi.discard > svr4.1037: F 1823083522:1823083522(0) ack 1415531523 win 4096 svr4.1037 > bsdi.discard: . ack 1823083523 win 4096 0.002402 (0.0024) 4.180662 (0.0225) Figure 18.1 tcpdump output for TCP connection establishment and termination. These seven TCP segments contain TCP headers only. No data is exchanged. For TCP segments, each output line begins with source > destination: flags where flags represents four of the six flag bits in the TCP header (Figure 17.2). Figure 18.2 shows the five different characters that can appear in the flags output. flag S F R P . 3-character Description abbreviation SYN FIN RST PSH - synchronize sequence numbers sender is finished sending data reset connection push data to receiving process as soon as possible none of above four flags is on Figure 18.2 flag characters output by tcpdump for flag bits in TCP header. In this example we see the S, F, and period. We'll see the other two...
