[Dshield] Dshield email server

Esler, Joel - Contractor joel.esler at rcert-s.army.mil
Fri Oct 1 14:17:56 GMT 2004

DUH!!!  Thanks..  *yawn*...  I knew that.  That's what I get before
sending a question before I wake up.


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Schneelocke
Sent: Friday, October 01, 2004 9:36 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Dshield email server

> Okay.  Need some assistance.  I've looked at tcpdump logs for years 
> and have never seen a "SWE" in a line before.  For example:
>  > x.x.x.x
> 09:23:12.986034 www.dshield.org.48059 > x.x.x.x.smtp: SWE
> 4018230856:4018230856(0) win 5840  (DF)
> ???
> Any assistance would be gravy.

"W" stands for the CWR (congestion window reduced) flag; E stands for
ECE (ECN echo sent) flag. These are described in RFC 2481 (updated by
RFC 3168).

DShield and the Internet Storm Center are sponsored by the SANS
Institute. To learn more about current SANS training, see
http://www.sans.org .

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list