Revision history
How does Wireshark dissect the protocol above TCP?
In this packet:
No. Time Source Destination Protocol Length Info
5 2012-01-18 13:49:07.908220 10.46.206.14 10.46.212.81 FTP 65 Request: USER root
Frame 5: 65 bytes on wire (520 bits), 65 bytes captured (520 bits)
Ethernet II, Src: Wistron_31:77:41 (00:1f:16:31:77:41), Dst: Zte_03:da:35 (00:19:c6:03:da:35)
Internet Protocol Version 4, Src: 10.46.206.14, Dst: 10.46.212.81
Transmission Control Protocol, Src Port: 56053, Dst Port: 21, Seq: 1, Ack: 22, Len: 11
    Source Port: 56053
    Destination Port: 21
    [Stream index: 0]
    [TCP Segment Len: 11]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 12 (relative sequence number)]
    Acknowledgment number: 22 (relative ack number)
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
    Window size value: 16419
    [Calculated window size: 65676]
    [Window size scaling factor: 4]
    Checksum: 0xb6e1 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
    TCP payload (11 bytes)
File Transfer Protocol (FTP)
    USER root\r\n
        Request command: USER
        Request arg: root
From the TCP layer, there is no info indicating that the upper application is FTP. How does Wireshark know it? Thanks.