Annotated tcpdump packet trace on hacker system
# Hacker -> Server:21 TCP Handshake
15:29:27.515279 195.102.196.156.1035 > 194.217.26.147.21: S 2701514772:2701514772(0)
15:29:27.701995 194.217.26.147.21 > 195.102.196.156.1035: S 895641944:895641944(0) ack 2701514773
15:29:27.702015 195.102.196.156.1035 > 194.217.26.147.21: . ack 1
# Server:21 -> Hacker "220 FTP server ready."
15:29:27.871904 194.217.26.147.21 > 195.102.196.156.1035: P 1:24(23) ack 1
15:29:27.871939 195.102.196.156.1035 > 194.217.26.147.21: . ack 24
# Hacker -> Server:21 "USER anonymous"
15:29:40.236820 195.102.196.156.1035 > 194.217.26.147.21: P 1:17(16) ack 24
15:29:40.445613 194.217.26.147.21 > 195.102.196.156.1035: . ack 17
# Server:21 -> Hacker "331 Guest login ok, send your complete e-mail..."
15:29:40.465603 194.217.26.147.21 > 195.102.196.156.1035: P 24:92(68) ack 17
15:29:40.485595 195.102.196.156.1035 > 194.217.26.147.21: . ack 92
# Hacker -> Server:21 "PASS rsh@"
15:29:47.540744 195.102.196.156.1035 > 194.217.26.147.21: P 17:28(11) ack 92
# Server:21 -> Hacker "230 Guest login ok, access restrictions apply"
15:29:47.701986 194.217.26.147.21 > 195.102.196.156.1035: P 92:140(48) ack 28
15:29:47.721976 195.102.196.156.1035 > 194.217.26.147.21: . ack 140
# Hacker -> Server:21 "PORT 195,102,193,28,38,148" (195.102.193.28:9876)
15:30:13.461336 195.102.196.156.1035 > 194.217.26.147.21: P 28:56(28) ack 140
# Server:21 -> Hacker "200 PORT command successful."
15:30:13.609038 194.217.26.147.21 > 195.102.196.156.1035: P 140:170(30) ack 56
15:30:13.629016 195.102.196.156.1035 > 194.217.26.147.21: . ack 170
# Hacker -> Server:21 "LIST"
15:30:19.304577 195.102.196.156.1035 > 194.217.26.147.21: P 56:62(6) ack 170
# Server:21 -> Hacker "150 Opening ASCII mode data connection for..."
15:30:19.536058 194.217.26.147.21 > 195.102.196.156.1035: P 170:233(63) ack 62
15:30:19.556049 195.102.196.156.1035 > 194.217.26.147.21: . ack 233
# Server:21 -> Hacker "226 Transfer complete."
15:30:19.895884 194.217.26.147.21 > 195.102.196.156.1035: P 233:257(24) ack 62
15:30:19.915869 195.102.196.156.1035 > 194.217.26.147.21: . ack 257
# Hacker -> Server:21 "QUIT"
15:30:25.742806 195.102.196.156.1035 > 194.217.26.147.21: P 62:68(6) ack 257
# Server:21 -> Hacker "221-You have transferred..."
15:30:25.932862 194.217.26.147.21 > 195.102.196.156.1035: P 257:441(184) ack 68
# TCP Connection Shutdown
15:30:25.942866 194.217.26.147.21 > 195.102.196.156.1035: F 441:441(0) ack 68
15:30:25.942890 195.102.196.156.1035 > 194.217.26.147.21: . ack 442
15:30:25.943188 195.102.196.156.1035 > 194.217.26.147.21: F 68:68(0) ack 442
15:30:26.092781 194.217.26.147.21 > 195.102.196.156.1035: . ack 69
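
The PORT argument in this trace decodes to 195.102.193.28:9876, which is not the address the control connection comes from (195.102.196.156). The following is an added example, not part of the original trace: a check that an FTP server or network sensor could apply to each client command. The function names are hypothetical, and the port threshold follows the RFC 2577 recommendation against data connections to ports below 1024.

```python
import ipaddress

def decode_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' from an FTP PORT command into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT argument needs six comma-separated fields")
    try:
        nums = [int(p) for p in parts]
    except ValueError:
        raise ValueError("non-numeric field in PORT argument")
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return ip, port

def check_port_command(line, control_peer):
    """Return findings for one client command line.

    control_peer is the source IP of the FTP control connection.
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return []
    try:
        ip, port = decode_port_arg(arg)
    except ValueError as exc:
        return [f"malformed PORT: {exc}"]
    findings = []
    if ip != ipaddress.IPv4Address(control_peer):
        findings.append(
            f"PORT target {ip}:{port} differs from control peer {control_peer}")
    if port < 1024:
        findings.append(f"PORT target uses privileged port {port}")
    return findings

# Client address and commands are taken from the annotations in the trace.
CLIENT = "195.102.196.156"

if __name__ == "__main__":
    for cmd in ["USER anonymous", "PORT 195,102,193,28,38,148", "LIST"]:
        for finding in check_port_command(cmd, CLIENT):
            print(finding)
```

A server that enforces this check would answer the mismatched PORT with an error reply instead of "200 PORT command successful."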