need help to analyse tcpdump output

 
 
mike
05-31-2004, 08:56 AM
Hi,
I have captured a dump of a client accessing a webserver. What I don't understand is lines 4 to 7 (I have put arrows). Why is the client machine setting the "P"(ush) flag? And why is the webserver setting the flag as well?
Any help is appreciated, thanks.

.......
client_machine.2967 > webserver.www: S 1703314630:1703314630(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
webserver.www > client_machine.2967: S 3872603931:3872603931(0) ack 1793314621 win 5840 <mss 1460,nop,nop,sackOK> (DF)
client_machine.2967 > webserver.www: . ack 1 win 17520 (DF)
client_machine.2967 > webserver.www: P 1:28(27) ack 1 win 17520 (DF)   <-------
webserver.www > client_machine.2967: . ack 28 win 5840 (DF)
webserver.www > client_machine.2967: P 1:848(847) ack 28 win 5840 (DF)
webserver.www > client_machine.2967: F 848:848(0) ack 28 win 5840 (DF)   <------
client_machine.2967 > webserver.www: . ack 849 win 16673 (DF)
client_machine.2967 > webserver.www: F 28:28(0) ack 849 win 16673 (DF)
webserver.www > client_machine.2967: . ack 29 win 5840 (DF)
client_machine.2970 > webserver.www: S 989305384:989305384(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
webserver.www > client_machine.2970: S 3914599614:3914599614(0) ack 989304385 win 5840 <mss 1460,nop,nop,sackOK> (DF)
client_machine.2970 > webserver.www: . ack 1 win 17520 (DF)
client_machine.2970 > webserver.www: P 1:28(27) ack 1 win 17520 (DF)
webserver.www > client_machine.2970: . ack 28 win 5840 (DF)
webserver.www > client_machine.2970: P 1:848(847) ack 28 win 5840 (DF)
webserver.www > client_machine.2970: F 848:848(0) ack 28 win 5840 (DF)
client_machine.2970 > webserver.www: . ack 849 win 16673 (DF)
client_machine.2970 > webserver.www: F 28:28(0) ack 849 win 16673 (DF)
webserver.www > client_machine.2970: . ack 29 win 5840 (DF)
 

Allen Kistler
05-31-2004, 11:44 PM
mike wrote:
> Hi,
> I have captured a dump of a client accessing a webserver. What I don't
> understand is lines 4 to 7 (I have put arrows). Why is the client machine
> setting the "P"(ush) flag? And why is the webserver setting the flag as well?
> Any help is appreciated, thanks.
>
> [snip]


To make the other side process everything in its buffer. That's what
PUSH means.
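
Added example (not part of either post): a small Python parser for the tcpdump line format shown in the question, run over the first connection from that capture. It lists the segments that carry payload, which here are the 27-byte request and the 847-byte response, the two lines marked P. The function and variable names are this example's own.

```python
import re

# First connection from the capture in the question, wrapped lines rejoined.
CAPTURE = """\
client_machine.2967 > webserver.www: S 1703314630:1703314630(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
webserver.www > client_machine.2967: S 3872603931:3872603931(0) ack 1793314621 win 5840 <mss 1460,nop,nop,sackOK> (DF)
client_machine.2967 > webserver.www: . ack 1 win 17520 (DF)
client_machine.2967 > webserver.www: P 1:28(27) ack 1 win 17520 (DF)
webserver.www > client_machine.2967: . ack 28 win 5840 (DF)
webserver.www > client_machine.2967: P 1:848(847) ack 28 win 5840 (DF)
webserver.www > client_machine.2967: F 848:848(0) ack 28 win 5840 (DF)
client_machine.2967 > webserver.www: . ack 849 win 16673 (DF)
client_machine.2967 > webserver.www: F 28:28(0) ack 849 win 16673 (DF)
webserver.www > client_machine.2967: . ack 29 win 5840 (DF)
"""

# src > dst: flags [first:last(nbytes)] [ack N] win W ...
LINE_RE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>[^\s:]+): (?P<flags>[SFPR.]+)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<nbytes>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST"}  # "." = none of these


def parse_line(line):
    """Return a dict for one tcpdump line, or None if it is not a TCP summary line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    flags = {FLAG_NAMES[c] for c in m["flags"] if c in FLAG_NAMES}
    if m["ack"] is not None:
        flags.add("ACK")  # this format shows ACK as an "ack N" field, not a letter
    return {
        "src": m["src"], "dst": m["dst"], "flags": flags,
        "nbytes": int(m["nbytes"] or 0),
        "ack": int(m["ack"]) if m["ack"] else None,
    }


def data_segments(capture):
    """Segments that carry payload, in capture order."""
    parsed = (parse_line(l) for l in capture.splitlines())
    return [p for p in parsed if p and p["nbytes"] > 0]


if __name__ == "__main__":
    for seg in data_segments(CAPTURE):
        print(seg["src"], "->", seg["dst"], seg["nbytes"], "bytes", sorted(seg["flags"]))
```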

 