Análisis forense de una sesión
FTP pasiva
Fecha: 18 de agosto del 2012
Aportes
de datos sobre apertura del puerto 20: 14 de julio 2014
Desarrollo
de la sesión en Wireshark (sesión disponible en: ftp://ftp.vilarrasa.com.ar/ user y
pass: ccna)
Se realiza el análisis
forense de la sesión, donde es relevante el intercambio TCP (saludo de tres
vías, apertura del puerto 20
a demanda, finalización de la sesión de los distintos puertos) y la
resolución ARP y DNS.
Este análisis es ideal
para CCNA 1, CCNA 4 y CCNA Security.
La visualización óptima
es con Google Crome (caracteres en negrita).
Verificación
previa del ARP
C:\>arp -a
No se encontraron entradas ARP
C:\>
Sesión
FTP (capa 7)
C:\>ftp ftp.vilarrasa.com.ar
Conectado a vilarrasa.com.ar.
220 Microsoft FTP Service (Frame 8)
Usuario (vilarrasa.com.ar:(none)): ccna (Frame
10)
331 Password required for ccna. (Frame 11)
Contraseña: (Frame 13)
230-Directory has 78,364,758,016 bytes of disk
space available. (Frame 15)
230 User logged in. (Frame 17)
ftp> dir
(Frame 23)
200 PORT command successful. (Frame 22)
150 Opening ASCII mode data connection.
09-11-08 12:50PM 3913 2 sesiones Telnet al
mismo router.pcap (Frame 26 a 38)
---resumido---
06-19-08 01:02PM 2411 Traza con loop.txt
09-02-08 10:37AM 68421 Trobleshooting.pka
08-12-08 08:48AM 211798 Trouble shooting
ethernet.pdf
11-08-08 09:45AM 125339 Understanding VTP.pdf
11-14-08 06:21PM 2421544 VPN_Client.exe
08-12-08 08:53AM 159209
WirelessySuProblematica.pdf
226-Directory has 78,364,471,296 bytes of disk
space available. (Frame 43)
226 Transfer complete. (Frame 43)
ftp:
11040 bytes recibidos en 0,11 segundos 101,28 a KB/s.(tasa de transferencia)
ftp> by
(Frame 45)
221 Goodbye. (Frame 46)
C:\>arp -a
Interfaz: 10.0.0.109 --- 0x2
Dirección IP Dirección física Tipo
10.0.0.1 00-15-63-40-55-5b dinámico
C:\>
Seguimiento
de las conexiones en el firewall
Gateway# sh conn detail
2 in use, 169 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
B - initial SYN from outside,
C - CTIQBE media, D - DNS, d - dump,
E - outside back connection, F
- outside FIN, f - inside FIN,
G - group, g - MGCP, H -
H.323, h - H.225.0, I - inbound data, i - incomplete,
k - Skinny media, M - SMTP
data, m - SIP media, O - outbound data,
P - inside back connection,
q - SQL*Net data, R - outside acknowledged FIN,
R - UDP RPC, r - inside
acknowledged FIN, S - awaiting inside SYN,
s - awaiting outside SYN, T -
SIP, t - SIP transient, U - up
TCP outside:200.58.114.227/20 inside:10.0.0.109/5001 flags UOP
TCP outside:200.58.114.227/21 inside:10.0.0.109/1883 flags UIO
Gateway# sh xlate (NAT en el firewall:
conversión IP privada a pública)
2 in use, 268 most used
PAT Global 201.212.57.251(1218) Local 10.0.0.109(5001)
PAT Global 201.212.57.251(1217) Local 10.0.0.109(1883)
Gateway#
Análisis
de tráfico
No. Time Source Destination Protocol Info
1 0.000000 00:1b:77:b3:80:a5 ff:ff:ff:ff:ff:ff ARP
Who has 10.0.0.1? Tell 10.0.0.109
Frame 1 (42 bytes on wire, 42 bytes captured) (solicitud
de dirección MAC del gateway)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
No. Time Source Destination Protocol Info
2 0.001725 00:15:63:40:55:5b 00:1b:77:b3:80:a5 ARP
10.0.0.1 is at 00:15:63:40:55:5b
Frame 2 (60 bytes on wire, 60 bytes captured) (respuesta
de la dirección MAC del gateway)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Address Resolution Protocol (reply)
No. Time Source Destination Protocol Info
3 0.001735 10.0.0.109 8.8.8.8 DNS
Standard query A ftp.vilarrasa.com.ar
Frame 3 (80 bytes on wire, 80 bytes captured) (solicitud
de dirección IP del dominio)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 8.8.8.8 (8.8.8.8)
User Datagram Protocol, Src Port: 64931 (64931), Dst Port: 53 (53)
Domain Name System (query)
No. Time Source Destination Protocol Info
4 0.061964 8.8.8.8 10.0.0.109 DNS Standard query response
CNAME vilarrasa.com.ar A
200.58.114.227
Frame 4 (110 bytes on wire, 110 bytes captured) (respuesta
de la dirección IP del dominio)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 8.8.8.8 (8.8.8.8), Dst: 10.0.0.109 (10.0.0.109)
User Datagram Protocol, Src Port: 53 (53), Dst Port: 64931 (64931)
Domain Name System (response)
No. Time Source Destination Protocol Info
5 0.066262 10.0.0.109 200.58.114.227 TCP 1883 > 21 [SYN] Seq=0 Win=65535
Frame 5 (66 bytes on wire, 66 bytes captured)
(inicio saludo de tres vías)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 0, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02
(SYN) (etiqueta (1) en gráfico)
Window size: 65535
Checksum: 0x2c85 [correct]
Options: (12 bytes)
No. Time Source Destination Protocol Info
6 0.098551 200.58.114.227 10.0.0.109 TCP 21 > 1883 [SYN, ACK] Seq=0
Ack=1
Frame 6 (66 bytes on wire, 66 bytes captured)
(respuesta saludo de tres vías)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 0, Ack: 1, Len: 0
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence
number: 0 (relative sequence number)
Acknowledgement
number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12
(SYN, ACK) (etiqueta (2) en gráfico)
Window size: 8192
Checksum: 0x4bfc [correct]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 5]
[The RTT to ACK the segment
was: 0.032289000 seconds]
No. Time Source Destination Protocol Info
7 0.098582 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=1 Ack=1
Win=65536
Frame 7 (54 bytes on wire, 54 bytes captured)
(acuse de recibo saludo de tres vías)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 1, Ack: 1, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence
number: 1 (relative sequence number)
Acknowledgement
number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10
(ACK) (etiqueta (3) en gráfico)
Window size: 65536 (scaled)
Checksum: 0x2c7f [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 6]
[The RTT to ACK the segment
was: 0.000031000 seconds]
No. Time Source Destination Protocol Info
8 0.130474 200.58.114.227 10.0.0.109 FTP Response: 220 Microsoft FTP Service
Frame 8 (81 bytes on wire, 81 bytes captured)
(inicio sesión FTP)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883), Seq:
1, Ack: 1, Len: 27
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 1 (relative sequence number)
[Next sequence number: 28 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x106f [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 7]
[The RTT to ACK the segment
was: 0.031892000 seconds]
File Transfer Protocol (FTP)
220 Microsoft FTP Service\r\n
Response code: Service ready
for new user (220)
Response arg: Microsoft FTP
Service
No. Time Source Destination Protocol Info
9 0.311163 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=1 Ack=28
Win=65508 Len=0
Frame 9 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 1, Ack: 28, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 28 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65508 (scaled)
Checksum: 0x2c72 [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 8]
[The RTT to ACK the segment
was: 0.180689000 seconds]
No. Time Source Destination Protocol Info
10 3.215124 10.0.0.109 200.58.114.227 FTP
Request: USER ccna
Frame 10 (65 bytes on wire, 65 bytes captured)
(ingresa usuario)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 1, Ack: 28, Len: 11
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 1 (relative sequence number)
[Next sequence number: 12 (relative sequence number)]
Acknowledgement number: 28 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65508 (scaled)
Checksum: 0xa2da [correct]
File Transfer Protocol (FTP)
USER ccna\r\n
No. Time Source Destination Protocol Info
11 3.247306 200.58.114.227 10.0.0.109 FTP Response: 331 Password required for
ccna.
Frame 11 (87 bytes on wire, 87 bytes captured)
(solicita password)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 28, Ack: 12, Len: 33
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 28 (relative sequence number)
[Next sequence number: 61 (relative sequence number)]
Acknowledgement number: 12 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xe4fb [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 10]
[The RTT to ACK the segment
was: 0.032182000 seconds]
File Transfer Protocol (FTP)
331 Password required for
ccna.\r\n
No. Time Source Destination Protocol Info
12 3.429227 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=12 Ack=61
Win=65476 Len=0
Frame 12 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 12, Ack: 61, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 12 (relative sequence number)
Acknowledgement number: 61 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65476 (scaled)
Checksum: 0x2c56 [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 11]
[The RTT to ACK the segment
was: 0.181921000 seconds]
No. Time Source Destination Protocol Info
13 4.902156 10.0.0.109 200.58.114.227 FTP
Request: PASS ccna
Frame 13 (65 bytes on wire, 65 bytes captured)
(solicita password)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 12, Ack: 61, Len: 11
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 12 (relative sequence number)
[Next sequence number: 23 (relative sequence number)]
Acknowledgement number: 61 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65476 (scaled)
Checksum: 0x99cf [correct]
File Transfer Protocol (FTP)
PASS ccna\r\n
No. Time Source Destination Protocol Info
14 5.141702 200.58.114.227 10.0.0.109 TCP 21 > 1883 [ACK] Seq=61 Ack=23
Win=66560 Len=0
Frame 14 (60 bytes on wire, 60 bytes captured)
(control)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 61, Ack: 23, Len: 0
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 61 (relative sequence number)
Acknowledgement number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xab29 [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 13]
[The RTT to ACK the segment
was: 0.239546000 seconds]
No. Time Source Destination Protocol Info
15 6.004511 200.58.114.227 10.0.0.109 FTP Response: 230-Directory has
78,400,737,280 bytes of disk space available.
Frame 15 (119 bytes on wire, 119 bytes captured)
(encabezado del directorio)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 61, Ack: 23, Len: 65
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 61 (relative sequence number)
[Next sequence number: 126 (relative sequence number)]
Acknowledgement number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xbace [correct]
File Transfer Protocol (FTP)
230-Directory has 78,400,737,280 bytes of disk space available.\r\n
No. Time Source Destination Protocol Info
16 6.144932 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=23 Ack=126
Win=65410 Len=0
Frame 16 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 23, Ack: 126, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 23 (relative sequence number)
Acknowledgement number: 126 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65410 (scaled)
Checksum: 0x2c2b [correct]
[SEQ/ACK analysis]
[This is an
ACK to the segment in frame: 15]
[The RTT to ACK the segment
was: 0.140421000 seconds]
No. Time Source Destination Protocol Info
17 6.639721 200.58.114.227 10.0.0.109 FTP Response: 230 User logged in.
Frame 17 (75 bytes on wire, 75 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 126, Ack: 23, Len: 21
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 126 (relative sequence number)
[Next sequence number: 147 (relative sequence number)]
Acknowledgement number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x90bd [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 16]
[The RTT to ACK the segment
was: 0.494789000 seconds]
File Transfer Protocol (FTP)
230 User logged in.\r\n
No. Time Source Destination Protocol Info
18 6.748415 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=23 Ack=147
Win=65390 Len=0
Frame 18 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 23, Ack: 147, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 23 (relative sequence number)
Acknowledgement number: 147 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65390 (scaled)
Checksum: 0x2c20 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 17]
[The RTT to ACK the segment
was: 0.108694000 seconds]
No. Time Source Destination Protocol Info
19 9.264333 10.0.0.109 200.58.114.227 FTP
Request: PORT 10,0,0,109,19,137
Frame 19 (78 bytes on wire, 78 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 23, Ack: 147, Len: 24
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 23 (relative sequence number)
[Next sequence number: 47 (relative sequence number)]
Acknowledgement number: 147 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65390 (scaled)
Checksum: 0xd09e [correct]
File Transfer Protocol (FTP)(en esta trama el cliente informa a que puerto se conectará el puerto 20
del server)
PORT 10,0,0,109,19,137\r\n
Request command: PORT
Request arg: 10,0,0,109,19,137
Active IP address: 10.0.0.109
(10.0.0.109)
Active port: 5001
No. Time Source Destination Protocol Info
20 9.297975 200.58.114.227 10.0.0.109 TCP 20
> 5001 [SYN] Seq=0 Win=8192 Len=0
Frame 20 (66 bytes on wire, 66 bytes captured)
(saludo de tres vías para port 20)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 0, Len: 0
Source port: 20 (20)
Destination
port: 5001 (5001)
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)(etiqueta
(1) en la gráfica)
Window size: 8192
Checksum: 0x9213 [correct]
Options: (12 bytes)
No. Time Source Destination Protocol Info
21 9.298033 10.0.0.109 200.58.114.227 TCP 5001 > 20 [SYN, ACK] Seq=0 Ack=1
Frame 21 (66 bytes on wire, 66 bytes captured)
(respuesta saludo de tres vías para port 20)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 0, Ack: 1, Len: 0
Source port:
5001 (5001)
Destination
port: 20 (20)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK) (etiqueta (2) en la gráfica)
Window size: 65535
Checksum: 0x2e6b [correct]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 20]
[The RTT to ACK the segment
was: 0.000058000 seconds]
No. Time Source Destination Protocol Info
22 9.298433 200.58.114.227 10.0.0.109 FTP Response: 200 PORT command successful.
Frame 22 (84 bytes on wire, 84 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 147, Ack: 47, Len: 30
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 147 (relative sequence number)
[Next sequence number: 177 (relative sequence number)]
Acknowledgement number: 47 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xedad [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 19]
[The RTT to ACK the segment
was: 0.034100000 seconds]
File Transfer Protocol (FTP)
200 PORT command successful.\r\n
No. Time Source Destination Protocol Info
23 9.300182 10.0.0.109 200.58.114.227 FTP
Request: LIST
Frame 23 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 47, Ack: 177, Len: 6
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 47 (relative sequence number)
[Next sequence number: 53 (relative sequence number)]
Acknowledgement number: 177 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65360 (scaled)
Checksum: 0x7f43 [correct]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame:
22]
[The RTT to ACK the segment
was: 0.001749000 seconds]
File Transfer Protocol (FTP)
LIST\r\n
No. Time Source Destination Protocol Info
24 9.330145 200.58.114.227 10.0.0.109 TCP 20 > 5001 [ACK] Seq=1 Ack=1 Win=66560
Len=0
Frame 24 (60 bytes on wire, 60 bytes captured)
(acuse de recibo saludo tres vías para port 20)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst: 00:1b:77:b3:80:a5
(00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 1, Ack: 1, Len: 0
Source port: 20
(20)
Destination
port: 5001 (5001)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK) (etiqueta (3) en la gráfica)
Window size: 66560 (scaled)
Checksum: 0x6d6b [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 21]
[The RTT to ACK the segment
was: 0.032112000 seconds]
No. Time Source Destination Protocol Info
25 9.332238 200.58.114.227 10.0.0.109 FTP Response: 125 Data connection already
open;
Transfer starting.
Frame 25 (108 bytes on wire, 108 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 177, Ack: 53, Len: 54
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 177 (relative sequence number)
[Next sequence number: 231 (relative sequence number)]
Acknowledgement number: 53 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x200a [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 23]
[The RTT to ACK the segment
was: 0.032056000 seconds]
File Transfer Protocol (FTP)
125 Data connection already open;
Transfer starting.\r\n
No. Time Source Destination Protocol Info
26 9.334291 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 26 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 1, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 1 (relative sequence number)
[Next sequence number: 1261 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x866c [correct]
FTP Data
[truncated]
FTP Data:
09-11-08 12:50PM 3913 2 sesiones Telnet al
mismo router.pcap\r\n
08-12-08 08:44AM 1604910 3com 1100tx.pdf\r\n
08-12-08 08:44AM 2187473 3Com
2226-User-Guide.pdf\r\n
08-12-08 0
08-12-08 08:44AM 1604910 3com 1100tx.pdf\r\n
08-12-08 08:44AM 2187473 3Com
2226-User-Guide.pdf\r\n
08-12-08 08:44AM
No. Time Source Destination Protocol Info
27 9.334688 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 27 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst: 00:1b:77:b3:80:a5
(00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 1261, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 1261 (relative sequence number)
[Next sequence number: 2521 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x8767 [correct]
FTP Data
[truncated]
FTP Data:
18006 Captura SSH con clave recien generada.pcap\r\n
07-02-08 08:40AM 3935 Captura TFTP.cap\r\n
08-04-08 08:57AM 6351966 Catalyst 2950
databook.pdf\r\n
08-04-08 09:02AM 3935 Captura TFTP.cap\r\n
08-04-08 08:57AM 6351966 Catalyst 2950
databook.pdf\r\n08-04-08 09:02AM
No. Time Source Destination Protocol Info
28 9.334716 10.0.0.109 200.58.114.227 TCP
5001 > 20 [ACK] Seq=1 Ack=2521 Win=65536 Len=0
Frame 28 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 2521, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 2521 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65536 (scaled)
Checksum: 0xe496 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 27]
[The RTT to ACK the segment
was: 0.000028000 seconds]
No. Time Source Destination Protocol Info
29 9.366794 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 29 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 2521, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 2521 (relative sequence number)
[Next sequence number: 3781 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xa267 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 28]
[The RTT to ACK the segment
was: 0.032078000 seconds]
FTP Data
[truncated]
FTP Data:
6PM 264350 Configuring OSPF with IOS
12.0.pdf\r\n10-08-08
04:06PM 96205 Configuring RIP with IOS 12.0.pdf\r\n09-12-08
02:21PM 3102 Conversacion 3 vias y Telnet.pcap\r\n08
No. Time Source Destination Protocol Info
30 9.367088 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 30 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 3781, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 3781 (relative sequence number)
[Next sequence number: 5041 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x7b43 [correct]
FTP Data
[truncated]
FTP Data:
1PM 136192 Escenario 13
de Sep resuelto con RIP v2.pka\r\n09-22-08
12:41PM 7006
Escenario 13 de sep resuelto con RIP v2.txt\r\n02-16-11
08:51AM 265911
Escenario 15 de mayo
No. Time Source Destination Protocol Info
31 9.367116 10.0.0.109 200.58.114.227 TCP 5001 > 20 [ACK] Seq=1 Ack=5041
Win=65536 Len=0
Frame 31 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst: 00:15:63:40:55:5b
(00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 5041, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 5041 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65536 (scaled)
Checksum: 0xdabe [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 30]
[The RTT to ACK the segment
was: 0.000028000 seconds]
No. Time Source Destination Protocol Info
32 9.367424 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 32 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 5041, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 5041 (relative sequence number)
[Next sequence number: 6301 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x1454 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 31]
[The RTT to ACK the segment
was: 0.000308000 seconds]
FTP Data
[truncated]
FTP Data: 152102 Escenario
VLSM RIPv2.pka\r\n06-19-08
12:54PM 1826 Estado
de rutas RIP.txt\r\n06-19-08
12:54PM 2368 Eventos
RIP.txt\r\n09-22-08 12:51PM 571 Failov
No. Time Source Destination Protocol Info
33 9.367983 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 33 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 6301, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 6301 (relative sequence number)
[Next sequence number: 7561 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xc5d2 [correct]
FTP Data
[truncated]
FTP Data: 8 08:46AM 51401 Modem.pdf\r\n09-25-08
04:18PM 346778 Modems
and routers.rar\r\n10-30-08
03:32PM 156148 Modulo 5
CCNA 3 v3_1.pka\r\n08-14-11
07:26PM 9633 M
No. Time Source Destination Protocol Info
34 9.368011 10.0.0.109 200.58.114.227 TCP 5001 > 20 [ACK] Seq=1 Ack=7561
Win=65536 Len=0
Frame 34 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 7561, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 7561 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65536 (scaled)
Checksum: 0xd0e6 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 33]
[The RTT to ACK the segment
was: 0.000028000 seconds]
No. Time Source Destination Protocol Info
35 9.401629 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 35 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 7561, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 7561 (relative sequence number)
[Next sequence number: 8821 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xf111 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 34]
[The RTT to ACK the segment
was: 0.033618000 seconds]
FTP Data
[truncated]
FTP Data: ica 3.doc\r\n
06-02-08 09:01AM 30208 Practica 4.doc\r\n
08-14-11 07:14PM 9046 Practica Capitulo 2
_Parte 1.pdf\r\n
08-14-11 07:14PM 10437 Practica Capitulo 2
_Parte 2.pdf\
No. Time Source Destination Protocol Info
36 9.402012 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 1260 bytes
Frame 36 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 8821, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 8821 (relative sequence number)
[Next sequence number: 10081 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x0cfc [correct]
FTP Data
[truncated]
FTP Data:
80081 Scenario de
prueba Balance de carga.pka\r\n
11-18-09 10:03PM 236501 Scenario for
IT administration.pka\r\n
09-18-08 08:12AM 152069 Scenario RIP v1 17 de
Septiembre.pka\r\n
08-22-08 02
No. Time Source Destination Protocol Info
37 9.402038 10.0.0.109 200.58.114.227 TCP 5001 > 20 [ACK] Seq=1 Ack=10081
Win=65536 Len=0
Frame 37 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 10081, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number:
10081 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65536 (scaled)
Checksum: 0xc70e [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 36]
[The RTT to ACK the segment
was: 0.000026000 seconds]
No. Time Source Destination Protocol Info
38 9.402346 200.58.114.227 10.0.0.109 FTP-DATA FTP Data: 960 bytes
Frame 38 (1014 bytes on wire, 1014 bytes captured) (saludo de finalización puerto 20)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 10081, Ack: 1, Len: 960
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 10081 (relative sequence number)
[Next sequence number: 11041 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x19
(FIN, PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x04ec [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 37]
[The RTT to ACK the segment
was: 0.000308000 seconds]
FTP Data
[truncated]
FTP Data: \r\n
08-12-08 08:48AM 352459 sw4500admin.pdf\r\n0
8-12-08 08:48AM 23884510 Switch 4507.pdf\r\n
06-19-08 11:50AM 8448705 sybex - dictionary of
networking.pdf\r\n
03-10-09 08:01PM
No. Time Source Destination Protocol Info
39 9.402378 10.0.0.109 200.58.114.227 TCP 5001 > 20 [ACK] Seq=1 Ack=11042
Win=64576 Len=0
Frame 39 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 11042, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number:
11042 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 64576 (scaled)
Checksum: 0xc52d [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 38]
[The RTT to ACK the segment
was: 0.000032000 seconds]
No. Time Source Destination Protocol Info
40 9.429208 10.0.0.109 200.58.114.227 TCP 5001 > 20 [FIN, ACK] Seq=1 Ack=11042
Win=64576 Len=0
Frame 40 (54 bytes on wire, 54 bytes captured)
(finalización puerto 20)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 5001 (5001), Dst Port: 20 (20),
Seq: 1, Ack: 11042, Len: 0
Source port: 5001 (5001)
Destination port: 20 (20)
Sequence number: 1 (relative sequence number)
Acknowledgement number:
11042 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN,
ACK)
Window size: 64576 (scaled)
Checksum: 0xc52c [correct]
No. Time Source Destination Protocol Info
41 9.462307 200.58.114.227 10.0.0.109 TCP 20 > 5001 [ACK] Seq=11042 Ack=2
Win=66560 Len=0
Frame 41 (60 bytes on wire, 60 bytes captured)
(acuse recibo finalización puerto 20)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 5001 (5001),
Seq: 11042, Ack: 2, Len: 0
Source port: 20 (20)
Destination port: 5001 (5001)
Sequence number: 11042 (relative sequence number)
Acknowledgement number: 2 (relative ack number)
Header length: 20 bytes
Flags: 0x10
(ACK)
Window size: 66560 (scaled)
Checksum: 0x4249 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 40]
[The RTT to ACK the segment
was: 0.033099000 seconds]
No. Time Source Destination Protocol Info
42 9.464128 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=53 Ack=231 Win=65306
Len=0
Frame 42 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 53, Ack: 231, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 53 (relative sequence number)
Acknowledgement number: 231 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65306 (scaled)
Checksum: 0x2bd8 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 25]
[The RTT to ACK the segment
was: 0.131890000 seconds]
No. Time Source Destination Protocol Info
43 9.978004 200.58.114.227 10.0.0.109 FTP Response: 226-Directory has 78,400,737,280
bytes of disk space available.
Frame 43 (143 bytes on wire, 143 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 231, Ack: 53, Len: 89
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 231 (relative sequence number)
[Next sequence number: 320
(relative sequence number)]
Acknowledgement number: 53 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xbe20 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 42]
[The RTT to ACK the segment
was: 0.513876000 seconds]
File Transfer Protocol (FTP)
226-Directory has 78,400,737,280 bytes of disk space available.\r\n
226 Transfer complete.\r\n
No. Time
Source
Destination Protocol
Info
44 10.168207 10.0.0.109 200.58.114.227 TCP 1883 > 21 [ACK] Seq=53 Ack=320
Win=65216 Len=0
Frame 44 (54 bytes on wire, 54 bytes captured)
(control)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 53, Ack: 320, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 53 (relative sequence number)
Acknowledgement number: 320 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65216 (scaled)
Checksum: 0x2bac [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 43]
[The RTT to ACK the segment
was: 0.190203000 seconds]
No. Time Source Destination Protocol Info
45 11.277844 10.0.0.109 200.58.114.227 FTP
Request: QUIT
Frame 45 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 53, Ack: 320, Len: 6
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 53 (relative sequence number)
[Next sequence number: 59 (relative sequence number)]
Acknowledgement number: 320 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65216 (scaled)
Checksum: 0x83ea [correct]
File Transfer Protocol (FTP)
QUIT\r\n
No. Time Source Destination Protocol Info
46 11.311174 200.58.114.227 10.0.0.109 FTP Response: 221 Goodbye.
Frame 46 (68 bytes on wire, 68 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.109
(10.0.0.109)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1883 (1883),
Seq: 320, Ack: 59, Len: 14
Source port: 21 (21)
Destination port: 1883 (1883)
Sequence number: 320 (relative sequence number)
[Next sequence number: 334 (relative sequence number)]
Acknowledgement number: 59 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xbb14 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 45]
[The RTT to ACK the segment
was: 0.033330000 seconds]
File Transfer Protocol (FTP)
221 Goodbye.\r\n
No. Time Source Destination Protocol Info
47 11.312071 10.0.0.109 200.58.114.227 TCP 1883 > 21 [RST, ACK] Seq=59
Ack=334 Win=0 Len=0
Frame 47 (54 bytes on wire, 54 bytes captured)
(finalización puerto 21)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.109 (10.0.0.109), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1883 (1883), Dst Port: 21 (21),
Seq: 59, Ack: 334, Len: 0
Source port: 1883 (1883)
Destination port: 21 (21)
Sequence number: 59 (relative sequence number)
Acknowledgement number: 334 (relative ack number)
Header length: 20 bytes
Flags: 0x14
(RST, ACK) (detalle: no es FIN sino RST (reset))
Window size: 0
Checksum: 0xaaf4 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 46]
[The RTT to ACK the segment
was: 0.000897000 seconds]
Final
alternativo (correcto)
No. Time Source Destination Protocol Info
18 6.911975 200.58.114.227 10.0.0.102 FTP Response: 221 Goodbye.
Frame 18 (68 bytes on wire, 68 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.102
(10.0.0.102)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1695 (1695),
Seq: 148, Ack: 29, Len: 14
Source port: 21 (21)
Destination port: 1695 (1695)
Sequence number: 148 (relative sequence number)
[Next sequence number: 162 (relative sequence number)]
Acknowledgement number: 29 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0xab1e [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 17]
[The RTT to ACK the segment
was: 0.035404000 seconds]
File Transfer Protocol (FTP)
No. Time Source Destination Protocol Info
19 6.913048 10.0.0.102 200.58.114.227 TCP 1695 > 21 [FIN, ACK] Seq=29
Ack=162 Win=65374 Len=0
Frame 19 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.102 (10.0.0.102), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1695 (1695), Dst Port: 21 (21), Seq:
29, Ack: 162, Len: 0
Source port: 1695 (1695)
Destination port: 21 (21)
Sequence number: 29 (relative sequence number)
Acknowledgement number: 162 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK) (etiqueta (1) en gráfico)
Window size: 65374 (scaled)
Checksum: 0x1b52 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 18]
No. Time Source Destination Protocol Info
20 7.299637 200.58.114.227 10.0.0.102 TCP 21 > 1695 [FIN, ACK] Seq=162 Ack=30 Win=66560
Len=0
Frame 20 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.102
(10.0.0.102)
Transmission Control Protocol, Src Port: 21 (21), Dst Port: 1695 (1695),
Seq: 162, Ack: 30, Len: 0
Source port: 21 (21)
Destination port: 1695 (1695)
Sequence number: 162 (relative sequence number)
Acknowledgement number: 30 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK) (etiqueta (2) y (3) en gráfico)
Window size: 66560 (scaled)
Checksum: 0x99fc [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 19]
[The RTT to ACK the segment
was: 0.386589000 seconds]
No. Time Source
Destination Protocol Info
21 7.299678 10.0.0.102 200.58.114.227 TCP
1695 > 21 [ACK] Seq=30 Ack=163 Win=65374 Len=0
Frame 21 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5), Dst:
00:15:63:40:55:5b (00:15:63:40:55:5b)
Internet Protocol, Src: 10.0.0.102 (10.0.0.102), Dst: 200.58.114.227
(200.58.114.227)
Transmission Control Protocol, Src Port: 1695 (1695), Dst Port: 21 (21),
Seq: 30, Ack: 163, Len: 0
Source port: 1695 (1695)
Destination port: 21 (21)
Sequence number: 30 (relative sequence number)
Acknowledgement number: 163 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK) (etiqueta (4) en gráfico)
Window size: 65374 (scaled)
Checksum: 0x1b51 [correct]
[SEQ/ACK analysis]
[This is an ACK to the
segment in frame: 20]
[The RTT to ACK the segment
was: 0.000041000 seconds]
Análisis
de una trama de datos con la carga (MTU) completa:
No. Time Source Destination Protocol Info
361 62.152091 200.58.114.227 10.0.0.102 FTP-DATA FTP Data: 1260 bytes
Frame 361 (1314 bytes on wire, 1314 bytes captured)
Ethernet II, Src: 00:15:63:40:55:5b (00:15:63:40:55:5b), Dst:
00:1b:77:b3:80:a5 (00:1b:77:b3:80:a5)
Internet Protocol, Src: 200.58.114.227 (200.58.114.227), Dst: 10.0.0.102
(10.0.0.102)
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 1690 (1690),
Seq: 209581, Ack: 1, Len: 1260
Source port: 20 (20)
Destination port: 1690 (1690)
Sequence number: 209581 (relative sequence number)
[Next sequence number:
210841 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xe235 [correct]
FTP Data
[truncated]
FTP Data: 4 00000 n\r\n0000192501 00000 n\r\n0000192548 00000 n\r\n0000192595
00000 n\r\n0000192642
00000 n\r\n0000192689 00000
n\r\n0000192736 00000 n\r\n0000192783 00000 n\r\n0000192830 00000
n\r\n0000192877
00000 n\r\n000019
Verificamos
el tamaño máximo de carga:
C:\>ping
Uso: ping [-t] [-a] [-n cuenta] [-l tamaño] [-f] [-i TTL] [-v TOS]
[-r cuenta] [-s cuenta]
[[-j lista-host] | [-k lista-host]]
[-w tiempo de espera]
nombre-destino
Opciones:
-t Ping el host especificado hasta
que se pare.
Para ver
estadísticas y continuar - presionar Control-Inter;
Parar - presionar
Control-C.
-a Resolver direcciones en nombres de
host.
-n cuenta Número de peticiones eco para enviar.
-l tamaño Enviar tamaño del búfer.
-f Establecer No fragmentar el
indicador en paquetes.
-i TTL Tiempo de vida.
-v TOS Tipo de servicio.
-r cuenta Ruta del registro para la cuenta de
saltos.
-s count Sello de hora para la cuenta de saltos.
-j lista-host Afloja la ruta de origen a lo largo de la
lista- host.
-k lista-host Restringir la ruta de origen a lo largo de la
lista- host.
-w tiempo de espera Tiempo de espera en milisegundos para
esperar cada
respuesta.
C:\>ping -f -l 1273 8.8.8.8 (luego de varias
pruebas, se llegó a este valor)
Haciendo ping a 8.8.8.8 con 1273 bytes de datos:
Es necesario fragmentar el paquete pero se especificó DF.
Es necesario fragmentar el paquete pero se especificó DF.
Es necesario fragmentar el paquete pero se especificó DF.
Es necesario fragmentar el paquete pero se especificó DF.
Estadísticas de ping para 8.8.8.8:
Paquetes: enviados = 4, recibidos
= 0, perdidos = 4
(100% perdidos),
C:\>ping -f -l 1272 8.8.8.8 (valor inmediato
inferior)
Haciendo ping a 8.8.8.8 con 1272 bytes de datos:
Respuesta desde 8.8.8.8: bytes=64 (enviados 1272) tiempo=55ms TTL=49
Respuesta desde 8.8.8.8: bytes=64 (enviados 1272) tiempo=53ms TTL=49
Respuesta desde 8.8.8.8: bytes=64 (enviados 1272) tiempo=53ms TTL=49
Respuesta desde 8.8.8.8: bytes=64 (enviados 1272) tiempo=56ms TTL=49
Estadísticas de ping para 8.8.8.8:
Paquetes: enviados = 4, recibidos
= 4, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 53ms, Máximo = 56ms,
Media = 54ms
C:\>
Sitio
de interés sobre configurar tamaño de MTU en Windows: http://support.microsoft.com/kb/314053
Resumen
del flujo TCP:
|Time | 10.0.0.109 | 200.58.114.227 ||0,066 | SYN | |Seq = 0 Ack = 3642255087| |(1883) ------------------> (21) ||0,099 | SYN, ACK | |Seq = 0 Ack = 1| |(1883) <------------------ (21) ||0,099 | ACK | |Seq = 1 Ack = 1| |(1883) ------------------> (21) ||0,130 | PSH, ACK - Len: 27 |Seq = 1 Ack = 1| |(1883) <------------------ (21) ||0,311 | ACK | |Seq = 1 Ack = 28| |(1883) ------------------> (21) ||3,215 | PSH, ACK - Len: 11 |Seq = 1 Ack = 28| |(1883) ------------------> (21) ||3,247 | PSH, ACK - Len: 33 |Seq = 28 Ack = 12| |(1883) <------------------ (21) ||3,429 | ACK | |Seq = 12 Ack = 61| |(1883) ------------------> (21) ||4,902 | PSH, ACK - Len: 11 |Seq = 12 Ack = 61| |(1883) ------------------> (21) ||5,142 | ACK | |Seq = 61 Ack = 23| |(1883) <------------------ (21) ||6,005 | PSH, ACK - Len: 65 |Seq = 61 Ack = 23| |(1883) <------------------ (21) ||6,145 | ACK | |Seq = 23 Ack = 126| |(1883) ------------------> (21) ||6,640 | PSH, ACK - Len: 21 |Seq = 126 Ack = 23| |(1883) <------------------ (21) ||6,748 | ACK | |Seq = 23 Ack = 147| |(1883) ------------------> (21) ||9,264 | PSH, ACK - Len: 24 |Seq = 23 Ack = 147| |(1883) ------------------> (21) ||9,298 | SYN | |Seq = 0 Ack = 1687951182| |(5001) <------------------ (20) ||9,298 | SYN, ACK | |Seq = 0 Ack = 1| |(5001) ------------------> (20) ||9,298 | PSH, ACK - Len: 30 |Seq = 147 Ack = 47| |(1883) <------------------ (21) ||9,300 | PSH, ACK - Len: 6 |Seq = 47 Ack = 177| |(1883) ------------------> (21) ||9,330 | ACK | |Seq = 1 Ack = 1| |(5001) <------------------ (20) ||9,332 | PSH, ACK - Len: 54 |Seq = 177 Ack = 53| |(1883) <------------------ (21) ||9,334 | ACK - Len: 1260 |Seq = 1 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,335 | ACK - Len: 1260 |Seq = 1261 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,335 | ACK | |Seq = 1 Ack = 2521| |(5001) ------------------> (20) |
|9,367 | ACK - Len: 1260 |Seq = 2521 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,367 | ACK - Len: 1260 |Seq = 3781 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,367 | ACK | |Seq = 1 Ack = 5041| |(5001) ------------------> (20) |
|9,367 | ACK - Len: 1260 |Seq = 5041 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,368 | ACK - Len: 1260 |Seq = 6301 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,368 | ACK | |Seq = 1 Ack = 7561| |(5001) ------------------> (20) |
|9,402 | ACK - Len: 1260 |Seq = 7561 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,402 | ACK - Len: 1260 |Seq = 8821 Ack = 1| |(5001) <------------------ (20) |(envía data)
|9,402 | ACK | |Seq = 1 Ack = 10081| |(5001) ------------------> (20) |
|9,402 | FIN, PSH, ACK - Len: 960 |Seq = 10081 Ack = 1| |(5001) <------------------ (20) |(no hay mas data, cierra canal)
|9,402 | ACK | |Seq = 1 Ack = 11042| |(5001) ------------------> (20) ||9,429 | FIN, ACK | |Seq = 1 Ack = 11042| |(5001) ------------------> (20) ||9,462 | ACK | |Seq = 11042 Ack = 2| |(5001) <------------------ (20) ||9,464 | ACK | |Seq = 53 Ack = 231| |(1883) ------------------> (21) ||9,978 | PSH, ACK - Len: 89 |Seq = 231 Ack = 53| |(1883) <------------------ (21) ||10,168 | ACK | |Seq = 53 Ack = 320| |(1883) ------------------> (21) ||11,278 | PSH, ACK - Len: 6 |Seq = 53 Ack = 320| |(1883) ------------------> (21) ||11,311 | PSH, ACK - Len: 14 |Seq = 320 Ack = 59| |(1883) <------------------ (21) ||11,312 | RST, ACK | |Seq = 59 Ack = 334| |(1883) ------------------> (21) |
(2012) Tales from uncle Ernest
Rosario, Argentina