![]() ![]() ![]() ![]() If it's blank, no flags are set (which should never happen) if it's just a ".", it's an ACK-only packet (as everything except for the initial SYN should have ACK set, ACK isn't reported except for ACK-only packets).ĮCN is Explicit Congestion Notification, specified in RFC 3168. Those are TCP packets for some protocol that tcpdump doesn't dissect (HTTP-over-SSL/TLS, probably, given that they're to and from port 443), so, after the IP addresses, the TCP flags are printed. I'm trying to dicpher a packet capture we just recently did and I don't seem to understand what SWE and SE responses are. ![]()
0 Comments
Leave a Reply. |