TCP connection termination is performed by the four-way handshake, as shown below (the image is taken from here).
I tried to verify it on Cisco Packet Tracer. With the following topology, I captured some packets (shown below) by initiating a http request.
By analyzing the last four tcp packets (tcp connection termination), I got this:
It looks like a three-way handshake. Please explain it.
I was wondering if the request packet from Sever to PC (label in 2
) carries additional ACK information (piggybacking ACKs)? If yes, how do I know if a packet is piggybacking?