
mario.almeida 01-25-2011 06:25 AM

explanation on tcpdump output
Hi All,

OS: CentOS 5.5 64bit
IBM x3550

Need some explanation on the below output.


10:41:50.335250 IP (tos 0x0, ttl 117, id 30367, offset 0, flags [none], proto: TCP (6), length: 576) > . 102034896:102035432(536) ack 152861222 win 65535

10:41:50.335257 IP (tos 0x0, ttl 117, id 30368, offset 0, flags [none], proto: TCP (6), length: 333) > P 536:829(293) ack 1 win 65535

From the above output of tcpdump, wherever there is flags [none] the window size is always 65535.

Can anyone explain to me why the flag is set to none and why not DF, and, for having none, why the window size is 65535?

nini09 01-25-2011 03:36 PM

It is explained in the tcpdump man page under the section "OUTPUT FORMAT" for flags.
Flags are some combination of S (SYN), F (FIN), P (PUSH), R (RST), W (ECN CWR) or E (ECN-Echo), or a single . (no flags).
Window size isn't relative to TCP flags.
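
Added example, not part of the original thread: a small Python parser for the verbose line format shown in the question, separating the bracketed IP-header flags ([none], [DF]) from the TCP flags printed after the addresses and from the TCP window. The addresses and the third sample line are constructed placeholders, and the regular expression assumes the tcpdump 3.9.x-style layout seen in the post.

```python
import re

# Layout of a verbose (-v) TCP line as printed in the post (tcpdump 3.9.x style):
#   time IP (<IP header fields>) src > dst: <TCP flags> [seq:end(len)] [ack N] win N
LINE_RE = re.compile(
    r"^(?P<time>\S+) IP \((?P<ip>.*length: \d+)\) "
    r"(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<tcp>\.|[SFPRWE]+) "
    r"(?:\d+:\d+\((?P<len>\d+)\) )?"
    r"(?:ack \d+ )?"
    r"win (?P<win>\d+)"
)

# TCP flag letters as listed in the man page excerpt quoted in the answer.
TCP_FLAGS = {"S": "SYN", "F": "FIN", "P": "PUSH", "R": "RST",
             "W": "ECN CWR", "E": "ECN-Echo"}

def parse_line(line):
    """Split one verbose tcpdump line into IP-layer and TCP-layer fields."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a verbose tcpdump TCP line: %r" % line)
    ip_flags = re.search(r"flags \[([^\]]*)\]", m.group("ip"))
    if ip_flags is None:
        raise ValueError("no IP flags field in %r" % line)
    tokens = [t.strip() for t in ip_flags.group(1).split(",")]
    return {
        "src": m.group("src"),
        # Bracketed flags belong to the IP header; "none" means no bit is set.
        "ip_flags": [t for t in tokens if t and t != "none"],
        # Flags printed after the addresses belong to the TCP header.
        "tcp_flags": [TCP_FLAGS[c] for c in m.group("tcp") if c != "."],
        "payload": int(m.group("len") or 0),
        "window": int(m.group("win")),
    }

# Constructed sample: field values follow the post, addresses are documentation
# placeholders, and the third line (reverse direction) is invented.
SAMPLE = """\
10:41:50.335250 IP (tos 0x0, ttl 117, id 30367, offset 0, flags [none], proto: TCP (6), length: 576) 192.0.2.10.80 > 198.51.100.20.49152: . 102034896:102035432(536) ack 152861222 win 65535
10:41:50.335257 IP (tos 0x0, ttl 117, id 30368, offset 0, flags [none], proto: TCP (6), length: 333) 192.0.2.10.80 > 198.51.100.20.49152: P 536:829(293) ack 1 win 65535
10:41:50.335301 IP (tos 0x0, ttl 64, id 51234, offset 0, flags [DF], proto: TCP (6), length: 40) 198.51.100.20.49152 > 192.0.2.10.80: . ack 829 win 5840
"""

if __name__ == "__main__":
    for raw in SAMPLE.splitlines():
        print(parse_line(raw))
```

The window value is read from the TCP header of each segment, so it is reported per sender, separately from both flag fields.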
