Q: Ettercap TCP packets type

Sorry if my question looks dumb, but I would like to understand the meaning of the letters written next to the packet transaction details of Ettercap when sniffing TCP packets, for example:

Thu Apr 16 04:07:30 2015
TCP  192.168.1.100:1000 --> 192.168.1.101:1000 | A
Message here.

What's the meaning of the "A" letter at the end of the line ( | A)?

I've seen different letters in various messages, and I don't understand their meaning:

A, S, AP, SA, FA, RA

and so on. I've searched on the internet, but I cannot find any documentation about this (and about Ettercap in general). Could you explain their meaning to me, or provide a link in which they are explained?

Thank you!

Answer 1:

Those are different TCP flags/packet types:

S = SYN (connection request)
A = ACK (acknowledge previous packet)
P = PUSH (see link)
R = RESET (immediate/abrupt connection termination)
F = FIN (normal connection termination)
U = URGENT (see link)

Two letters together mean two flags: SA = SYN ACK, RA = RESET ACK.

Here's a post with a memory trick to remember the flags: https://danielmiessler.com/study/tcpflags/

And here's a link explaining PUSH and URGENT: http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/

Hope that helps!

sockets  tcp  raspbian  packet-sniffers  man-in-the-middle