From owner-freebsd-questions@FreeBSD.ORG Sat Aug 30 02:04:41 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 01C68106564A for ; Sat, 30 Aug 2008 02:04:41 +0000 (UTC) (envelope-from agus.262@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.227]) by mx1.freebsd.org (Postfix) with ESMTP id C865F8FC12 for ; Sat, 30 Aug 2008 02:04:40 +0000 (UTC) (envelope-from agus.262@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so1478354rvf.43 for ; Fri, 29 Aug 2008 19:04:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=Gh97cxfE/GPs3+5FrmSNLpyOxGggpJguihmTjZV+UC8=; b=T8VEd4Yc21Dqx3oefRsswVLlSuNbcwX6rsrjCfwOXuALZq/6oMujIPn200Fry3dcB6 Q9pheAXQIuDNsqzNucRUuXDSBELJZUUFIIZtF/w2hpvEx6UxXrVHpH0vig0IhXH+PLg6 AzusZ4i/olHMt9/JH/qDHzNdAv53ObehdhP8Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=NpBpxovGGcCSZRdx3cuYrksFln9FEUHFUIsAYYandQn8ce/yZpGlYlflR+HcrKHr/G b10yMMoTPWT2ZKDzpFoEvYsnOSBMrjdg7wArZ0U9+VcoP4rEHcEHV7tiljkCzwGs3xF/ R8JLfLlT7R5B6AE7Z+IzYd7nGCSfbdpc8z+TI= Received: by 10.141.18.12 with SMTP id v12mr1879308rvi.183.1220061880507; Fri, 29 Aug 2008 19:04:40 -0700 (PDT) Received: by 10.141.1.11 with HTTP; Fri, 29 Aug 2008 19:04:40 -0700 (PDT) Message-ID: Date: Fri, 29 Aug 2008 23:04:40 -0300 From: Agus To: "Olivier Nicole" In-Reply-To: <200808290932.m7T9WaBQ038904@banyan.cs.ait.ac.th> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <043901c909b9$3016f360$3f83a8c0@neusofteaf5839> <200808290932.m7T9WaBQ038904@banyan.cs.ait.ac.th> Cc: freebsd-questions@freebsd.org, zhangsc@neusoft.com Subject: Re: tcpdump question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Aug 2008 02:04:41 -0000 2008/8/29 Olivier Nicole : > Edward, > >> I want to know what's meaning of 'S','.','P','F'? > > You should learn a bit about TCP protocol. > > S is for SYN (synchronize) > P is for PUSH > F is for FIN > . is for nothing > > Pakets are: > > 3 way hand shake initiate TCP connection > client > server SYN > sever > client SYN ACK > client > server ACK > > client > server send data > server > client ACK and send data > client > server ACK > > tTermination > client > server FIN > server > client ACK > server > cient FIN > client > server ACK > > ACk means acknowledge. > > Olivier > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Hi, Not too much to add...exept that yes..you need to have a look at TCP/IP to understand what those flags and packets mean.... The SYN flag is used to initiate a "conversation"...like they put..synchronize, is also the first part of the three way handshacke which is the complete negotation for the transmission to begin...you will see sequence and acck numbers also... Then the PUSH flag is to push data..so it probably means that that packet is for the app layer..or something similar... Then the FIN which is the polite way to finish the conversation....see taht it usses 4 ways instead of the three to establish...that is cause FIN probably consumes ACKs while SYN and ACKs doesnt. Theres also another flag to end the communication that is the R - RESET- Usually sent back to app trying to talk to other's box with close port.. Very highly recommende the TCP Illustrated Vol 1 by Richard Stevens... Sorry if i missed or probably have something wrong... Cheers, Agustin