anshaohui's profile - activity

2018-07-23 21:27:19 +0000 received badge  Popular Question (source)
2017-12-27 23:01:37 +0000 marked best answer how does wireshark dissect the protocol above TCP?

In this packet:

No.     Time                          Source                Destination           Protocol Length Info
      5 2012-01-18 13:49:07.908220    10.46.206.14          10.46.212.81          FTP      65     Request: USER root

Frame 5: 65 bytes on wire (520 bits), 65 bytes captured (520 bits)
Ethernet II, Src: Wistron_31:77:41 (00:1f:16:31:77:41), Dst: Zte_03:da:35 (00:19:c6:03:da:35)
Internet Protocol Version 4, Src: 10.46.206.14, Dst: 10.46.212.81   
Transmission Control Protocol, Src Port: 56053, Dst Port: 21, Seq: 1, Ack: 22, Len: 11    
    Source Port: 56053
    Destination Port: 21
    [Stream index: 0]
    [TCP Segment Len: 11]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 12    (relative sequence number)]
    Acknowledgment number: 22    (relative ack number)
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x018 (PSH, ACK)
    Window size value: 16419
    [Calculated window size: 65676]
    [Window size scaling factor: 4]
    Checksum: 0xb6e1 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
    TCP payload (11 bytes)
File Transfer Protocol (FTP)
    USER root\r\n
        Request command: USER
        Request arg: root

From the TCP layer, there is no info indicating that the upper application is FTP. How does Wireshark know it? Thanks.

2017-12-27 23:01:37 +0000 received badge  Scholar (source)
2017-12-25 08:03:23 +0000 commented answer how does wireshark dissect the protocol above TCP?

Thanks for your response. I have some SMPP (Short Message Peer-to-Peer) capture files, with different tcp.port numbers. But

2017-12-23 15:04:20 +0000 asked a question how does wireshark dissect the protocol above TCP?

How does Wireshark dissect the protocol above TCP? No. Time Source Destinati

2017-12-23 14:55:42 +0000 asked a question how does wireshark detect the protocol above tcp?

how does wireshark detect the protocol above tcp? ------------------ftp capture record----------------------------------