Annotated tcpdump packet trace on hacker system

# Hacker -< Server:21 TCP Handshake

15:29:27.515279 195.102.196.156.1035 > 194.217.26.147.21: S 2701514772:2701514772(0)
15:29:27.701995 194.217.26.147.21 > 195.102.196.156.1035: S 895641944:895641944(0) ack 2701514773
15:29:27.702015 195.102.196.156.1035 > 194.217.26.147.21: . ack 1

# Server:21 -< Hacker "220 FTP server ready."

15:29:27.871904 194.217.26.147.21 > 195.102.196.156.1035: P 1:24(23) ack 1 15:29:27.871939 195.102.196.156.1035 > 194.217.26.147.21: . ack 24

# Hacker -< Server:21 "USER anonymous"

15:29:40.236820 195.102.196.156.1035 > 194.217.26.147.21: P 1:17(16) ack 24 15:29:40.445613 194.217.26.147.21 > 195.102.196.156.1035: . ack 17

# Server:21 -< Hacker "331 Guest login ok, send your complete e-mail..."

15:29:40.465603 194.217.26.147.21 > 195.102.196.156.1035: P 24:92(68) ack 17 15:29:40.485595 195.102.196.156.1035 > 194.217.26.147.21: . ack 92

# Hacker -< Server:21 "PASS rsh@"

15:29:47.540744 195.102.196.156.1035 > 194.217.26.147.21: P 17:28(11) ack 92

# Server:21 -< Hacker "230 Guest login ok, access restrictions apply"

15:29:47.701986 194.217.26.147.21 > 195.102.196.156.1035: P 92:140(48) ack 28 15:29:47.721976 195.102.196.156.1035 > 194.217.26.147.21: . ack 140

# Hacker -< Server:21 "PORT 195,102,193,28,38,148"

(195.102.193.28:9876) 15:30:13.461336 195.102.196.156.1035 > 194.217.26.147.21: P 28:56(28) ack 140

# Server:21 -< Hacker "200 PORT command successful."

15:30:13.609038 194.217.26.147.21 > 195.102.196.156.1035: P 140:170(30) ack 56 15:30:13.629016 195.102.196.156.1035 > 194.217.26.147.21: . ack 170

# Hacker -< Server:21 "LIST"

15:30:19.304577 195.102.196.156.1035 > 194.217.26.147.21: P 56:62(6) ack 170

# Server:21 -< Hacker "150 Opening ASCII mode data connection for..."

15:30:19.536058 194.217.26.147.21 > 195.102.196.156.1035: P 170:233(63) ack 62 15:30:19.556049 195.102.196.156.1035 > 194.217.26.147.21: . ack 233

# Server:21 -< Hacker "226 Transfer complete."

15:30:19.895884 194.217.26.147.21 > 195.102.196.156.1035: P 233:257(24) ack 62 15:30:19.915869 195.102.196.156.1035 > 194.217.26.147.21: . ack 257

# Hacker -< Server:21 "QUIT"

15:30:25.742806 195.102.196.156.1035 > 194.217.26.147.21: P 62:68(6) ack 257

# Server:21 -< Hacker "221-You have transferred..."

15:30:25.932862 194.217.26.147.21 > 195.102.196.156.1035: P 257:441(184) ack 68

# TCP Connection Shutdown

15:30:25.942866 194.217.26.147.21 > 195.102.196.156.1035: F 441:441(0) ack 68 15:30:25.942890 195.102.196.156.1035 > 194.217.26.147.21: . ack 442 15:30:25.943188 195.102.196.156.1035 > 194.217.26.147.21: F 68:68(0) ack 442 15:30:26.092781 194.217.26.147.21 > 195.102.196.156.1035: . ack 69

Latest News

New version of network scanning tool arp-scan released

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

Assess risk to manage effects of budget cuts

"Basic security threats not changed in 15 years"

Annotated tcpdump packet trace on hacker system

# Hacker -< Server:21 TCP Handshake

# Server:21 -< Hacker "220 FTP server ready."

# Hacker -< Server:21 "USER anonymous"

# Server:21 -< Hacker "331 Guest login ok, send your complete e-mail..."

# Hacker -< Server:21 "PASS rsh@"

# Server:21 -< Hacker "230 Guest login ok, access restrictions apply"

# Hacker -< Server:21 "PORT 195,102,193,28,38,148"

# Server:21 -< Hacker "200 PORT command successful."

# Hacker -< Server:21 "LIST"

# Server:21 -< Hacker "150 Opening ASCII mode data connection for..."

# Server:21 -< Hacker "226 Transfer complete."

# Hacker -< Server:21 "QUIT"

# Server:21 -< Hacker "221-You have transferred..."

# TCP Connection Shutdown