vidjas.blogg.se

Wireshark tcpdump

It indicates that the host sending the packet supports ECN.

"SWE" has SYN+ECN Echo+ECN Cwnd Reduced; it's an initial SYN, and is, to use the terminology in section 6.1.1 of RFC 3168, an "ECN-setup SYN packet". If it's blank, no flags are set (which should never happen); if it's just a ".", it's an ACK-only packet (as everything except for the initial SYN should have ACK set, ACK isn't reported except for ACK-only packets).

ECN is Explicit Congestion Notification, specified in RFC 3168.

Those are TCP packets for some protocol that tcpdump doesn't dissect (HTTP-over-SSL/TLS, probably, given that they're to and from port 443), so, after the IP addresses, the TCP flags are printed.

I'm trying to decipher a packet capture we just recently did and I don't seem to understand what SWE and SE responses are.
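
As an added example (not part of the original page), this Python sketch decodes the flag letters tcpdump prints and labels each segment's role in ECN negotiation using the RFC 3168 section 6.1.1 terms. The function names and sample strings are constructed for illustration, and reading a bare "SE" as the SYN-ACK reply is an assumption that relies on the ACK omission described above.

```python
# Added example: decode tcpdump TCP flag letters and classify ECN negotiation.
FLAG_NAMES = {
    "S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG",
    ".": "ACK",
    "E": "ECE",  # ECN Echo
    "W": "CWR",  # ECN Cwnd Reduced
}

def decode_flags(letters):
    """Return the set of TCP flag names for a flag string such as 'SWE'."""
    letters = letters.strip().strip("[]")  # also accept a bracketed form like "[S.]"
    unknown = set(letters) - set(FLAG_NAMES)
    if unknown:
        raise ValueError(f"unrecognised flag letters: {sorted(unknown)}")
    return {FLAG_NAMES[c] for c in letters}

def ecn_role(letters):
    """Classify a segment's part in ECN negotiation (RFC 3168, section 6.1.1)."""
    flags = decode_flags(letters)
    if not flags:
        return "no flags set"          # should never appear on the wire
    if flags == {"ACK"}:
        return "ACK-only"
    if "SYN" not in flags:
        return "not a handshake segment"
    ece, cwr = "ECE" in flags, "CWR" in flags
    if ece and cwr:
        # A SYN-ACK carrying both ECE and CWR does not count as an ECN-setup reply.
        return "non-ECN-setup SYN-ACK" if "ACK" in flags else "ECN-setup SYN"
    if ece:
        # Assumption: the output style described above omits ACK unless it is
        # the only flag, so a bare "SE" is read as the SYN-ACK reply.
        return "ECN-setup SYN-ACK"
    return "SYN or SYN-ACK without ECN"

def ecn_negotiated(syn_letters, synack_letters):
    """True when both sides of the handshake sent ECN-setup packets."""
    return (ecn_role(syn_letters) == "ECN-setup SYN"
            and ecn_role(synack_letters) == "ECN-setup SYN-ACK")

if __name__ == "__main__":
    # Constructed sample flag strings, not taken from a real capture.
    for sample in ["SWE", "SE", "S", ".", "", "P"]:
        print(repr(sample), "->", sorted(decode_flags(sample)), "|", ecn_role(sample))
    print("ECN negotiated:", ecn_negotiated("SWE", "SE"))
```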








