This shows the VSX from which the log was captured. Depending on your hardware/software platform you may or may not see this field.

This is the interface where the traffic was seen and captured.

This can be either (i), (I), (o) or (O) based on what you are grepping when you set up the fw monitor.

This is the size of the frame as seen “on the wire”.

Can be either TCP/UDP or something else along similar lines.

This is a unique number assigned to a packet until it is changed/altered in its course. Quite important when it comes to reading the fw monitor logs on your console. (I also want to say this is locally significant on the firewall, but not very sure about it.)

One of the most important fields in my opinion. These are the TCP flags you have always known about. 6 bits are reserved for the TCP flags, denoted by 6 dots (……) in the logs. Each dot is a TCP flag in this order: FSRPA* = FIN-SYN-RST-PUSH-ACK-***, and I don’t know what the last one is, yet. So, you will usually see something like this for a SYN-ACK =. Hope I made this simple enough for you to be able to interpret the TCP flags.

This is the sequence number, the usual thing for TCP, because of which it gets its name for being a reliable protocol.

This is again a part of its reliable behavior, where the other end host responds to denote that it has received its previous packet.
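As an added example (not from the original post or from Check Point), here is a small Python parser for the fields described above, which also decodes the flag positions into names. The two-line record layout and the sample lines are assumptions constructed for illustration, and the sixth flag position is treated as URG, which the post does not state.

```python
import re

# Positions as the post gives them (FSRPA*); naming the sixth URG is this
# example's assumption, the post leaves it unidentified.
FLAG_ORDER = ("FIN", "SYN", "RST", "PUSH", "ACK", "URG")

# Assumed layout of the two lines fw monitor prints per TCP packet.
IP_LINE = re.compile(
    r"^(?:\[(?P<vs>vs_\d+)\])?(?:\[[^\]]*\])*\s*"
    r"(?P<iface>[^\s:\[\]]+):(?P<pos>[iIoO])\[(?P<size>\d+)\]:\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)$")
TCP_LINE = re.compile(
    r"^TCP: \d+ -> \d+ (?P<flags>[A-Z.]{6}) "
    r"seq=(?P<seq>[0-9a-f]+) ack=(?P<ack>[0-9a-f]+)$")

# Constructed sample capture (documentation addresses), not real output.
SAMPLE = """\
[vs_0][fw_1] eth1:i[60]: 192.0.2.10 -> 198.51.100.5 (TCP) len=60 id=4711
TCP: 51000 -> 443 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_1] eth1:O[60]: 198.51.100.5 -> 192.0.2.10 (TCP) len=60 id=0
TCP: 443 -> 51000 .S..A. seq=9f8e7d6c ack=1a2b3c4e
eth2:i[76]: 192.0.2.10 -> 203.0.113.53 (UDP) len=76 id=4712
UDP: 51001 -> 53
"""

def decode_flags(field):
    """Turn a 6-position flag field such as '.S..A.' into flag names."""
    if len(field) != len(FLAG_ORDER):
        raise ValueError(f"expected 6 flag positions, got {field!r}")
    return [n for ch, n in zip(field, FLAG_ORDER) if ch != "."]

def parse_records(text):
    """Pair each IP line with the TCP line that follows it, if any."""
    records, current = [], None
    for line in map(str.strip, text.splitlines()):
        ip, tcp = IP_LINE.match(line), TCP_LINE.match(line)
        if ip:
            current = dict(ip.groupdict(), flags=None)  # None: not TCP
            records.append(current)
        elif tcp and current and current["proto"] == "TCP":
            current.update(tcp.groupdict(), flags=decode_flags(tcp["flags"]))
            current = None  # the TCP line completes the record
    return records

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r["iface"], r["pos"], r["id"], r["proto"], r["flags"])
```

Records without a VSX prefix come back with `vs` set to `None`, matching the note above that the field may not appear on every platform.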