|
|
| CWR | Congestion Window Reduced (CWR) flag is set by the sending host to
indicate that it received a TCP segment with the ECE flag set (added to
header by RFC 3168).
|
| ECE (ECN-Echo) | indicate that the TCP peer is ECN capable during 3-way
handshake (added to header by RFC 3168).
|
| URG | indicates that the URGent pointer field is significant
|
| ACK | indicates that the ACKnowledgment field is significant (Sometimes
abbreviated by tcpdump as ".")
|
| PSH | Push function
|
| RST | Reset the connection (Seen on rejected connections)
|
| SYN | Synchronize sequence numbers (Seen on new connections)
|
| FIN | No more data from sender (Seen after a connection is closed)
|
SEW:
S is SYN, meaning it's starting a new connection.
E is ECE "indicate that the TCP peer is ECN capable during 3-way handshake"
W is CWR "Congestion Window Reduced (CWR) flag is set by the sending host to
indicate that it received a TCP segment with the ECE flag set"
tcpdump 'tcp[13] & 128 != 0' #CWR
tcpdump 'tcp[13] & 64 != 0' #ECE
tcpdump 'tcp[13] & 32 != 0' #URG
tcpdump 'tcp[13] & 16 != 0' #ACK
tcpdump 'tcp[13] & 8 != 0' #PSH
tcpdump 'tcp[13] & 4 != 0' #RST
tcpdump 'tcp[13] & 2 != 0' #SYN
tcpdump 'tcp[13] & 1 != 0' #FIN
ECN allows end-to-end notification of network congestion without dropping
packets. ECN is an optional feature that may be used between two ECN-enabled
endpoints when the underlying network infrastructure also supports it.
