[Intrusions] tcpdump results

opiesan opiesan at opiesan.com
Thu Oct 7 02:03:05 GMT 2004


Hello Don. 

I'm not a TCP/IP guru but I believe the numbers within the curly braces are the beginning and ending TCP sequence numbers. Sequence numbers are one of the mechanisms TCP uses to guarantee reliable packet delivery. To fully explain what your output is saying, it might help to send the exact tcpdump command you used. Hope this clarifies things somewhat.

Scott 


---- Donald Cunningham <cunningham70 at yahoo.com> wrote:
>
> Hello all,
> 
> I'm seeing some tcpdump results I don't fully
> understand.  Would one of you kindly point me to a
> reference that will help me understand the output of
> the traces shown below.  In particular I don't
> understand the part of the trace within the curly
> braces:
> 
> 09:16:21.486544 local.ip.address.1494 >
> remote.ip.address.80: . ack 128341 win 48990
> <nop,nop,sack sack 1 {136621:138001} > (DF)
> 
> 09:16:21.486546 local.ip.address.1494 >
> remote.ip.address.80: . ack 128341 win 48990
> <nop,nop,sack sack 1 {136621:139381} > (DF)
> 
> 09:16:21.487166 local.ip.address.1494 >
> remote.ip.address.80: . ack 128341 win 48990
> <nop,nop,sack sack 1 {136621:140761} > (DF)
> 
> 09:16:21.487293 local.ip.address.1494 >
> remote.ip.address.80: . ack 128341 win 48990
> <nop,nop,sack sack 1 {136621:142141} > (DF)
> 
> 
> I know, I know... but I've RTFManpage and it didn't
> help.
> 
> Thanks,
> 
> Don
> 
> 
> 
> 
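An added example, not part of the original thread: a short Python parser for the tcpdump lines quoted above. It assumes the braces are TCP SACK blocks as defined in RFC 2018 (left edge, and a right edge that is one past the last byte received) and reports the gap between the cumulative ACK and the SACKed data. The function names are hypothetical, the sample lines are the quoted trace with the e-mail line wraps rejoined, and sequence-number wraparound is ignored.

```python
import re

# Lines from the quoted trace, with the e-mail line wraps rejoined.
SAMPLE = """\
09:16:21.486544 local.ip.address.1494 > remote.ip.address.80: . ack 128341 win 48990 <nop,nop,sack sack 1 {136621:138001} > (DF)
09:16:21.486546 local.ip.address.1494 > remote.ip.address.80: . ack 128341 win 48990 <nop,nop,sack sack 1 {136621:139381} > (DF)
09:16:21.487166 local.ip.address.1494 > remote.ip.address.80: . ack 128341 win 48990 <nop,nop,sack sack 1 {136621:140761} > (DF)
09:16:21.487293 local.ip.address.1494 > remote.ip.address.80: . ack 128341 win 48990 <nop,nop,sack sack 1 {136621:142141} > (DF)
"""

ACK_RE = re.compile(r"\back (\d+)")        # cumulative ACK; \b keeps it from matching inside "sack"
BLOCK_RE = re.compile(r"\{(\d+):(\d+)\}")  # one {left:right} pair per SACK block


def parse_sack_line(line):
    """Return (ack, [(left, right), ...]), or None if the line has no ACK with SACK blocks."""
    ack = ACK_RE.search(line)
    blocks = [(int(left), int(right)) for left, right in BLOCK_RE.findall(line)]
    if not ack or not blocks:
        return None
    return int(ack.group(1)), blocks


def describe(line):
    """Summarise what the receiver holds and what it is still missing."""
    parsed = parse_sack_line(line)
    if parsed is None:
        return None
    ack, blocks = parsed
    holes, edge = [], ack
    for left, right in sorted(blocks):
        if left > edge:
            holes.append((edge, left))  # bytes [edge, left) have not arrived yet
        edge = max(edge, right)
    sacked = sum(right - left for left, right in blocks)
    return {"ack": ack, "sacked_bytes": sacked, "holes": holes}


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        info = describe(line)
        for start, end in info["holes"]:
            print(f"ack={info['ack']} sacked={info['sacked_bytes']}B "
                  f"missing [{start}, {end}) = {end - start}B")
```

Run over the quoted trace, every line shows the same missing range below the SACK block while the block itself grows, which is the pattern of a receiver that keeps getting later segments while one earlier stretch of data is still outstanding.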


