[Dshield] Dshield email server

Schneelocke schneelocke at gmail.com
Fri Oct 1 13:35:46 GMT 2004


> Okay.  Need some assistance.  I've looked at tcpdump logs for years and
> have never seen a "SWE" in a line before.  For example:
> 
> 65.173.218.101  > x.x.x.x
> 09:23:12.986034 www.dshield.org.48059 > x.x.x.x.smtp: SWE
> 4018230856:4018230856(0) win 5840  (DF)
> 
> ???
> 
> Any assistance would be gravy.

"W" stands for the CWR (congestion window reduced) flag; E stands for
ECE (ECN echo sent) flag. These are described in RFC 2481 (updated by
RFC 3168).

-- 
schnee



More information about the list mailing list