
I use tcpdump to capture packets between my client and server with the command

tcpdump -i eth0 -v port 8113 

The output contains many packets like the following:

******* IP (tos 0x0, ttl 64, id 14510, offset 0, flags [DF], proto TCP (6), length 40)
    *******.8113 > ********.27853: Flags [.], cksum 0x6750 (correct), ack 32, win 23, length 0

So what are these empty packets without any flags for?

George

1 Answer

TCP packets without any flags are malformed according to RFC 793. These segments can be used for discovering closed ports. TCP segments with wrong flags should be dropped by an open port and should be answered with RST if a port is closed. It is called a "TCP Null Scan". See here for details.

Vadim
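When reading captures like the one in the question, note that tcpdump prints `.` inside `Flags [...]` for ACK and prints `none` when no flag bits are set. The following is an added example, not part of the original question or answer: a small classifier that separates pure ACK segments from flagless segments of the kind a TCP Null Scan sends. The function names and the sample lines (using documentation addresses) are constructed for illustration.

```python
import re

# tcpdump's one-character codes inside "Flags [...]"; "none" means no flag bits set.
FLAG_NAMES = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PSH",
              ".": "ACK", "U": "URG", "E": "ECE", "W": "CWR"}
FLAGS_RE = re.compile(r"(\S+) > (\S+): Flags \[([^\]]+)\]")

def decode_flags(field):
    """Return the set of TCP flag names for a tcpdump Flags field."""
    if field == "none":
        return set()
    return {FLAG_NAMES.get(ch, "?" + ch) for ch in field}

def classify(line):
    """Return (src, dst, flags, verdict) for a tcpdump TCP line, or None."""
    m = FLAGS_RE.search(line)
    if not m:
        return None
    src, dst, field = m.groups()
    flags = decode_flags(field)
    if not flags:
        verdict = "null-flags"   # what a TCP Null Scan probe looks like
    elif flags == {"ACK"}:
        verdict = "pure-ack"     # bare acknowledgement, no payload flags
    else:
        verdict = "other"
    return src, dst, flags, verdict

def null_probe_ports(lines):
    """Map source host -> set of destination ports hit with flagless segments."""
    hits = {}
    for line in lines:
        r = classify(line)
        if r and r[3] == "null-flags":
            src_host = r[0].rsplit(".", 1)[0]   # strip trailing ".port"
            dst_port = r[1].rsplit(".", 1)[1]
            hits.setdefault(src_host, set()).add(dst_port)
    return hits

# Constructed sample lines (documentation addresses), in tcpdump's output format.
SAMPLE = [
    "    192.0.2.10.8113 > 198.51.100.7.27853: Flags [.], cksum 0x6750 (correct), ack 32, win 23, length 0",
    "    203.0.113.5.40000 > 192.0.2.10.22: Flags [none], cksum 0x1a2b (correct), win 1024, length 0",
    "    203.0.113.5.40000 > 192.0.2.10.8113: Flags [none], cksum 0x1a2c (correct), win 1024, length 0",
    "    198.51.100.7.27853 > 192.0.2.10.8113: Flags [P.], cksum 0x9f01 (correct), seq 1:32, ack 1, win 229, length 31",
]

if __name__ == "__main__":
    print(null_probe_ports(SAMPLE))
```

A single source sending flagless segments to several destination ports is the pattern worth alerting on; isolated `pure-ack` lines are ordinary traffic on an established connection.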