Ethereal-users: [Ethereal-users] Abortive Capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Muzalina Zakaria <muzalina_zakaria@xxxxxxxxx>
Date: Fri, 24 Dec 2004 05:59:29 -0800 (PST)
Hi,
 
I did captures on my GPRS phone, which acts as a modem (FTP file download), and some of them froze up in the middle of the transfer. I usually waited around 3 minutes before I aborted the connections. What greatly puzzles me is the different 'ending' of each abortive capture. I am attaching the file and would appreciate it if anyone can help explain this. By the way, I am using WinPcap 3.1 beta 3 with the latest Ethereal and Windows XP SP1.
 
By the way, does anyone know why there is no TCP activity at all when the captures freeze for about 3 minutes (i.e. before I abort them)?
 
Regards. 

Abort_1

No.     Time                       Source                Destination           Protocol Info
    301 2004-12-12 14:40:00.036254 10.32.168.75          216.250.128.13        TCP      4557 > ftp-data [ACK] Seq=1 Ack=204169 Win=17520 Len=0 TSV=1128814 TSER=454554519
    302 2004-12-12 14:43:10.740473 10.32.168.75          216.250.128.13        TCP      4552 > ftp [FIN, ACK] Seq=84 Ack=152 Win=16980 Len=0
    303 2004-12-12 14:43:10.950776 10.32.168.75          216.250.128.13        TCP      4557 > ftp-data [FIN, ACK] Seq=1 Ack=204169 Win=17520 Len=0 TSV=1130723 TSER=454554519
    304 2004-12-12 14:43:11.932187 216.250.128.13        10.32.168.75          FTP-DATA FTP Data: 1448 bytes
    305 2004-12-12 14:43:11.942201 216.250.128.13        10.32.168.75          TCP      ftp > 4552 [ACK] Seq=152 Ack=85 Win=5840 Len=0
    306 2004-12-12 14:43:11.942201 10.32.168.75          216.250.128.13        TCP      4557 > ftp-data [RST] Seq=2 Ack=3101885966 Win=0 Len=0
    307 2004-12-12 14:43:11.952216 216.250.128.13        10.32.168.75          TCP      [TCP Previous segment lost] ftp-data > 4557 [ACK] Seq=214305 Ack=2 Win=5840 Len=0 TSV=454573874 TSER=1130723
    308 2004-12-12 14:43:11.962230 10.32.168.75          216.250.128.13        TCP      4557 > ftp-data [RST] Seq=2 Ack=3588351149 Win=0 Len=0
    309 2004-12-12 14:43:12.693281 216.250.128.13        10.32.168.75          FTP      Response: 451 Transfer aborted. Broken pipe
    310 2004-12-12 14:43:12.703296 10.32.168.75          216.250.128.13        TCP      4552 > ftp [RST] Seq=85 Ack=3683844087 Win=0 Len=0
    311 2004-12-12 14:43:12.723324 216.250.128.13        10.32.168.75          TCP      ftp > 4552 [FIN, ACK] Seq=187 Ack=85 Win=5840 Len=0
    312 2004-12-12 14:43:12.733339 10.32.168.75          216.250.128.13        TCP      4552 > ftp [RST] Seq=85 Ack=3659039732 Win=0 Len=0

Abort_2

No.     Time                       Source                Destination           Protocol Info
    414 2004-12-05 15:02:42.385481 10.32.164.99          216.250.128.13        TCP      [TCP Dup ACK 406#4] 3262 > ftp-data [ACK] Seq=1 Ack=285257 Win=16072 Len=0 TSV=200534 TSER=394212754 SLE=413626827 SRE=413632619
    415 2004-12-05 15:06:08.451790 10.32.164.99          216.250.128.13        TCP      3254 > ftp [FIN, ACK] Seq=76 Ack=133 Win=16628 Len=0
    416 2004-12-05 15:06:08.732193 10.32.164.99          216.250.128.13        TCP      3262 > ftp-data [FIN, ACK] Seq=1 Ack=285257 Win=16072 Len=0 TSV=202597 TSER=394212754
    417 2004-12-05 15:06:09.733633 216.250.128.13        10.32.164.99          FTP-DATA [TCP Retransmission] FTP Data: 1448 bytes
    418 2004-12-05 15:06:09.733633 10.32.164.99          216.250.128.13        TCP      3262 > ftp-data [ACK] Seq=2 Ack=292497 Win=8832 Len=0 TSV=202607 TSER=394228807
    419 2004-12-05 15:06:09.743648 216.250.128.13        10.32.164.99          TCP      [TCP Previous segment lost] ftp-data > 3262 [ACK] Seq=301185 Ack=2 Win=5840 Len=0 TSV=394234480 TSER=202597
    420 2004-12-05 15:06:09.743648 216.250.128.13        10.32.164.99          TCP      ftp > 3254 [ACK] Seq=133 Ack=77 Win=5840 Len=0
    421 2004-12-05 15:06:09.743648 10.32.164.99          216.250.128.13        TCP      3262 > ftp-data [RST] Seq=2 Ack=4275855981 Win=0 Len=0

Abort_3

No.     Time                       Source                Destination           Protocol Info
    188 2004-12-12 14:25:16.956448 10.32.168.75          216.250.128.13        TCP      [TCP Dup ACK 174#7] 4551 > ftp-data [ACK] Seq=1 Ack=117289 Win=16072 Len=0 TSV=1119983 TSER=454466038 SLE=766345675 SRE=766355811
    189 2004-12-12 14:28:10.135467 10.32.168.75          216.250.128.13        TCP      4544 > ftp [FIN, ACK] Seq=76 Ack=133 Win=16628 Len=0
    190 2004-12-12 14:28:10.415870 10.32.168.75          216.250.128.13        TCP      4551 > ftp-data [FIN, ACK] Seq=1 Ack=117289 Win=16072 Len=0 TSV=1121718 TSER=454466038
    191 2004-12-12 14:28:11.337195 216.250.128.13        10.32.168.75          TCP      ftp > 4544 [ACK] Seq=133 Ack=77 Win=5840 Len=0
    192 2004-12-12 14:28:11.347209 216.250.128.13        10.32.168.75          TCP      [TCP Previous segment lost] ftp-data > 4551 [ACK] Seq=133217 Ack=2 Win=5840 Len=0 TSV=454483817 TSER=1121718

Abort_4

No.     Time                       Source                Destination           Protocol Info
    697 2004-12-12 15:00:11.548323 216.250.128.13        10.32.168.75          FTP-DATA FTP Data: 1448 bytes
    698 2004-12-12 15:00:11.558337 10.32.168.75          216.250.128.13        TCP      4572 > ftp-data [ACK] Seq=1 Ack=498113 Win=17520 Len=0 TSV=1140929 TSER=454675565
    This capture doesn't even show the 3-minute freeze period and just ends here!