Identify the TCP connections that are created in the FTP session, and record the port numbers at the source and at the destination.
What will be an ideal response?
There are two TCP connections in the FTP session; one is for control and the other is for data transmission. The server port and client port numbers are 21 and 3051 for control and 61409 and 3052 for data transmission.
```
Frame 34 (80 bytes on wire, 80 bytes captured)
Arrival Time: Aug 23, 2003 02:59:50.388854000
Time delta from previous packet: 9.395905000 seconds
Time relative to first packet: 9.395905000 seconds
Frame Number: 34
Packet Length: 80 bytes
Capture Length: 80 bytes
Ethernet II, Src: 00:06:5b:4b:e1:da, Dst: 00:06:5b:4b:e0:dd
Destination: 00:06:5b:4b:e0:dd (10.0.5.11)
Source: 00:06:5b:4b:e1:da (10.0.5.22)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.5.22 (10.0.5.22), Dst Addr: 10.0.5.11 (10.0.5.11)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 66
Identification: 0xa828 (43048)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x745d (correct)
Source: 10.0.5.22 (10.0.5.22)
Destination: 10.0.5.11 (10.0.5.11)
Transmission Control Protocol, Src Port: 3051 (3051) , Dst Port: ftp (21) ,
Seq: 4217389071, Ack: 4240207944, Len: 14
Source port: 3051 (3051)
Destination port: ftp (21)
Sequence number: 4217389071
Next sequence number: 4217389085
Acknowledgement number: 4240207944
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x8a6a (correct)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1088337, tsecr 1088539
File Transfer Protocol (FTP)
RETR large.d\r\n
Request command: RETR
Request arg: large.d
```
Data Transmission
```
Frame 36 (1514 bytes on wire, 1514 bytes captured)
Arrival Time: Aug 23, 2003 02:59:50.389568000
Time delta from previous packet: 9.396619000 seconds
Time relative to first packet: 9.396619000 seconds
Frame Number: 36
Packet Length: 1514 bytes
Capture Length: 1514 bytes
Ethernet II, Src: 00:06:5b:4b:e0:dd, Dst: 00:06:5b:4b:e1:da
Destination: 00:06:5b:4b:e1:da (10.0.5.22)
Source: 00:06:5b:4b:e0:dd (10.0.5.11)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.5.11 (10.0.5.11), Dst Addr: 10.0.5.22
(10.0.5.22)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)
0000 10.. = Differentiated Services Codepoint: Unknown (0x02)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1500
Identification: 0x103b (4155)
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x06b9 (correct)
Source: 10.0.5.11 (10.0.5.11)
Destination: 10.0.5.22 (10.0.5.22)
Transmission Control Protocol, Src Port: 61409 (61409), Dst Port: 3052 (3052),
Seq: 4238707751, Ack: 4220377583, Len: 1448
Source port: 61409 (61409)
```
Destination port: 3052 (3052)
```
Sequence number: 4238707751
Next sequence number: 4238709199
Acknowledgement number: 4220377583
Header length: 32 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 5792
Checksum: 0x23ef (incorrect, should be 0xde08)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1088540, tsecr 1088337
```
FTP Data
```
ELF\001\001\001\000\000\000\000\000\000\000\000\000\003\000\003\000\001\000\000\00
0\254%\001\0004\000\000\000`$\016\000\000\000\000\0004\000
\000\003\000(\000\036\000\033\000\001\000\000\000\000\000\000\000\000\
000\000\000\000\0
```
You might also like to view...
A ____ is a block of code that performs a specific task.
A. Sub code B. Sub section C. Sub procedure D. Sub method
Apple's iPhone series does NOT allow you to add any memory
Indicate whether the statement is true or false
An ___________ is a file that is sent along with an e-mail message
Fill in the blank(s) with the appropriate word(s).
An experiential learner and a kinesthetic learner are two words that mean the same thing.
Answer the following statement true (T) or false (F)