tcpdump question

Agus agus.262 at gmail.com
Sat Aug 30 02:04:41 UTC 2008


2008/8/29 Olivier Nicole <on at cs.ait.ac.th>:
> Edward,
>
>> I want to know what's meaning of 'S','.','P','F'?
>
> You should learn a bit about TCP protocol.
>
> S is for SYN (synchronize)
> P is for PUSH
> F is for FIN
> . is for nothing
>
> Packets are:
>
> 3-way handshake initiate TCP connection
> client > server SYN
> server > client SYN ACK
> client > server ACK
>
> client > server send data
> server > client ACK and send data
> client > server ACK
>
> Termination
> client > server FIN
> server > client ACK
> server > client FIN
> client > server ACK
>
> ACK means acknowledge.
>
> Olivier
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

Hi,

Not too much to add...except that yes..you need to have a look at
TCP/IP to understand what those flags and packets mean....

The SYN flag is used to initiate a "conversation"...like they
put..synchronize, is also the first part of the three way handshake
which is the complete negotiation for the transmission to begin...you
will see sequence and ack numbers also...

Then the PUSH flag is to push data..so it probably means that that
packet is for the app layer..or something similar...

Then the FIN which is the polite way to finish the conversation....see
that it uses 4 ways instead of the three to establish...that is cause
FIN probably consumes ACKs while SYN and ACKs doesn't.
There's also another flag to end the communication that is the R -
RESET- Usually sent back to app trying to talk to other's box with
closed port..

Very highly recommended the TCP Illustrated Vol 1 by Richard Stevens...

Sorry if I missed or probably have something wrong...

Cheers,
Agustin
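The flag letters and connection phases discussed in this thread, worked through in code. This is an added example for this page, not code from either poster. It assumes the current tcpdump output style (`Flags [S.]`, where `.` marks a set ACK bit, so `[S.]` is SYN+ACK and `[.]` a bare ACK; the 2008-era tcpdump printed `.` for "no flags" and showed the ack number separately). The capture lines it walks are constructed; the `ConnectionTracker` state names are simplified labels, not the full RFC 793 state machine.

```python
"""Decode tcpdump TCP flag letters and follow each connection through
handshake, data transfer and teardown.  Added example; the sample capture
below is constructed, not taken from any real host."""
import re

# Letters tcpdump prints in the flags field.  ACK has no letter of its
# own: modern tcpdump prints '.' when ACK is set.
FLAG_LETTERS = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST",
                "U": "URG", "E": "ECE", "W": "CWR", ".": "ACK"}

# Fields of a modern tcpdump TCP line, e.g.
#   12:00:00.000001 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [S], seq 1, ...
LINE_RE = re.compile(
    r"IP (?P<src>[\w.]+)\.(?P<sport>\d+) > (?P<dst>[\w.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[A-Z.]+)\]")


def decode_flags(token):
    """Expand a flags token such as 'S.', '[P.]' or '.' into a set of names."""
    letters = token.strip("[]")
    unknown = set(letters) - set(FLAG_LETTERS)
    if unknown:
        raise ValueError(f"unknown tcpdump flag letter(s): {sorted(unknown)}")
    return {FLAG_LETTERS[c] for c in letters}


def parse_line(line):
    """Return ((src, sport), (dst, dport), flags) for a tcpdump line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    src = (m["src"], int(m["sport"]))
    dst = (m["dst"], int(m["dport"]))
    return src, dst, decode_flags(m["flags"])


class ConnectionTracker:
    """Follows each connection through the phases described in the thread.
    A connection is keyed by (initiator, responder), fixed at its first SYN."""

    def __init__(self):
        self.state = {}   # key -> simplified state name
        self.fins = {}    # key -> FINs seen (teardown needs one from each side)

    def feed(self, line):
        parsed = parse_line(line)
        if parsed is None:
            return None
        src, dst, flags = parsed
        key = (src, dst) if (src, dst) in self.state else (dst, src)
        if key not in self.state:
            if flags == {"SYN"}:            # first packet: client opens
                key = (src, dst)
                self.state[key] = "SYN_SENT"
                self.fins[key] = 0
                return key, "handshake 1/3: SYN"
            return None, "segment for unknown connection"
        state = self.state[key]
        from_client = src == key[0]
        if "RST" in flags:                  # abrupt end; SYN answered by RST = closed port
            self.state[key] = "RESET"
            label = "reset by " + ("client" if from_client else "server")
            if state == "SYN_SENT" and not from_client:
                label += " (port closed)"
            return key, label
        if state == "SYN_SENT" and flags == {"SYN", "ACK"} and not from_client:
            self.state[key] = "SYN_RECEIVED"
            return key, "handshake 2/3: SYN-ACK"
        if state == "SYN_RECEIVED" and "ACK" in flags and from_client:
            self.state[key] = "ESTABLISHED"
            return key, "handshake 3/3: ACK, connection established"
        if "FIN" in flags:                  # polite close: one FIN per direction
            self.fins[key] += 1
            self.state[key] = "CLOSING" if self.fins[key] < 2 else "CLOSED"
            return key, "teardown: FIN from " + ("client" if from_client else "server")
        if state == "ESTABLISHED" and "PSH" in flags:
            return key, "data: PSH (hand payload to the application)"
        if flags == {"ACK"}:
            return key, "ack"
        return key, "other"

    def half_open(self):
        """Connections that saw a SYN but never completed the handshake
        (many of these from one source is the usual SYN-scan / SYN-flood sign)."""
        return [k for k, s in self.state.items() if s in ("SYN_SENT", "SYN_RECEIVED")]


# Constructed capture: one full connection, one refused port, one unanswered SYN.
SAMPLE_CAPTURE = """\
12:00:00.000001 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [S], seq 100, win 65535, length 0
12:00:00.000002 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [S.], seq 500, ack 101, win 65535, length 0
12:00:00.000003 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [.], ack 501, win 65535, length 0
12:00:00.000004 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [P.], seq 101:121, ack 501, win 65535, length 20
12:00:00.000005 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [P.], seq 501:601, ack 121, win 65535, length 100
12:00:00.000006 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [.], ack 601, win 65535, length 0
12:00:00.000007 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [F.], seq 121, ack 601, win 65535, length 0
12:00:00.000008 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [.], ack 122, win 65535, length 0
12:00:00.000009 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [F.], seq 601, ack 122, win 65535, length 0
12:00:00.000010 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [.], ack 602, win 65535, length 0
12:00:00.000011 IP 10.0.0.2.40001 > 10.0.0.1.81: Flags [S], seq 7, win 65535, length 0
12:00:00.000012 IP 10.0.0.1.81 > 10.0.0.2.40001: Flags [R.], seq 0, ack 8, win 0, length 0
12:00:00.000013 IP 10.0.0.2.40002 > 10.0.0.1.82: Flags [S], seq 9, win 65535, length 0
"""


def walk_capture(text):
    """Feed every line to a tracker; return the tracker and the phase labels."""
    tracker = ConnectionTracker()
    labels = []
    for line in text.splitlines():
        result = tracker.feed(line)
        if result is not None:
            labels.append(result[1])
    return tracker, labels


if __name__ == "__main__":
    tracker, labels = walk_capture(SAMPLE_CAPTURE)
    for label in labels:
        print(label)
    print("half-open:", tracker.half_open())
```

Run it and the three connections print as the handshake, PSH data, FIN/ACK teardown, a SYN answered by RST from a closed port, and one SYN left half-open; on a real capture, `half_open()` is the list worth alerting on.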

