LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page tcpdump Flags [. ]
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-27-2012, 12:40 AM   #1
casperdaghost
Member
 
Registered: Aug 2009
Posts: 349

Rep: Reputation: 16
tcpdump Flags [. ]

this is a truncated output from a tcp dump

what do the Flags [.] , [P.] and [S.] mean - and are there wepages , tutorials which could point me in the direction of leaning to read tcpdump output.



Code:
09:09:23.883403 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 1, win 8192, length 0
09:09:24.011326 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [P.], ack 1, win 8192, length 49
09:09:24.011329 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [.], ack 50, win 5840, length 0
09:09:24.011359 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 1, win 8192, length 0
09:09:24.011457 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [P.], ack 50, win 5840, length 33
09:09:24.011488 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 34, win 8159, length 0
09:09:24.011491 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 34, win 8191, length 0
09:09:24.011511 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [P.], ack 50, win 5840, length 13
09:09:24.011541 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 47, win 8178, length 0
09:09:24.011544 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 47, win 8191, length 0
09:09:24.017494 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [P.], ack 47, win 8191, length 3
09:09:24.054194 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [.], ack 53, win 5840, length 0
09:09:24.054224 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 47, win 8191, length 0
09:09:24.719107 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [P.], ack 53, win 5840, length 3
09:09:24.719138 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 50, win 8188, length 0
09:09:24.719140 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 50, win 8191, length 0
09:09:25.005134 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [P.], ack 50, win 8191, length 3
09:09:25.005136 IP 192.168.2.45.34583 > 172.54.4.5.45608: Flags [.], ack 56, win 5840, length 0
09:09:25.005165 IP 172.54.4.5.45608 > 192.168.2.45.34583: Flags [.], ack 50, win 8191, length 0
 
Old 09-27-2012, 02:19 AM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
it's documented in the tcpdump man page under the heading "TCP packets":
Code:
       The general format of a tcp protocol line is:
              src > dst: flags data-seqno ack window urgent options
       Src and dst are the source and destination IP addresses and ports.  Flags are some  combination
       of  S  (SYN),  F  (FIN), P (PUSH), R (RST), U (URG), W (ECN CWR), E (ECN-Echo) or `.' (ACK), or
       `none' if no flags are set...
 
Old 09-27-2012, 07:32 AM   #3
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
@Hendri2201, spamming other people's threads (also, here) is not the way to ask for help with your problems.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] What does the flags[DF] in the output of tcpdump stand for... trist007 Linux - Newbie 1 04-10-2011 03:02 PM
USE flags deucedlt Linux - Distributions 3 02-24-2008 03:25 PM
gcc flags? kalleanka Programming 2 08-16-2007 06:53 AM
CC flags and the like Garp Linux - Software 2 05-17-2004 03:48 AM
lilo flags german Linux - General 3 04-15-2004 08:07 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:48 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration