Sorry if my question looks dumb, but I would like to understand the meaning of the letters written next to the packet transaction details of Ettercap when sniffing TCP packets, for example:

Thu Apr 16 04:07:30 2015
TCP  192.168.1.100:1000 --> 192.168.1.101:1000 | A
Message here.

What's the meaning of the letter "A" at the end of the line (| A)?

I've seen different letters in various messages, and I don't understand their meaning:

A, S, AP, SA, FA, RA

and so on. I've searched on the internet, but I cannot find any documentation about this (or about Ettercap in general). Could you explain their meaning to me, or provide a link where they are explained?

Thank you!

user2959923

1 Answer

Those are different TCP flags/packet types:

S = SYN (connection request)
A = ACK (acknowledge previous packet)
P = PUSH (see link)
R = RESET (immediate/abrupt connection termination)
F = FIN (normal connection termination)
U = URGENT (see link)

Two letters together mean two flags: SA = SYN ACK, RA = RESET ACK.

Here is a post with a memory trick for remembering the flags: https://danielmiessler.com/study/tcpflags/

And here is a link explaining PUSH and URGENT: http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/

Hope that helps!
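
Added example (not part of the original answer, and not Ettercap's own code): a small Python parser for the summary line quoted in the question, which expands the flag letters and also derives them from the flags byte of a raw TCP header. The function names are hypothetical, and the letter order S, F, R, A, P, U is an assumption inferred from the combinations listed in the question (SA, FA, RA, AP).

```python
import re

# TCP header flag bits (RFC 9293). Letter order is an assumption inferred
# from the combinations quoted in the question (SA, FA, RA, AP).
FLAGS = [
    ("S", "SYN", 0x02),
    ("F", "FIN", 0x01),
    ("R", "RST", 0x04),
    ("A", "ACK", 0x10),
    ("P", "PSH", 0x08),
    ("U", "URG", 0x20),
]
NAMES = {letter: name for letter, name, _ in FLAGS}

# Summary line as shown in the question: "TCP  src:port --> dst:port | FLAGS"
LINE_RE = re.compile(
    r"^TCP\s+(\S+):(\d+)\s+-->\s+(\S+):(\d+)\s+\|\s*([A-Z]*)\s*$"
)

def letters_from_header(tcp_header: bytes) -> str:
    """Render the flags byte (offset 13 of a TCP header) as letters."""
    if len(tcp_header) < 14:
        raise ValueError("truncated TCP header")
    bits = tcp_header[13]
    return "".join(letter for letter, _, mask in FLAGS if bits & mask)

def expand(letters: str) -> list[str]:
    """Turn 'SA' into ['SYN', 'ACK']; reject letters outside the table."""
    unknown = set(letters) - set(NAMES)
    if unknown:
        raise ValueError(f"unknown flag letter(s): {sorted(unknown)}")
    return [NAMES[c] for c in letters]

def parse_summary(line: str) -> dict:
    """Parse one Ettercap-style TCP summary line into its fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a TCP summary line")
    src, sport, dst, dport, letters = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "flags": expand(letters)}

if __name__ == "__main__":
    # Constructed 20-byte TCP header with SYN+ACK set (flags byte 0x12).
    hdr = bytes(13) + bytes([0x12]) + bytes(6)
    print(letters_from_header(hdr))
    # Line format from the question; the "AP" flags value is constructed.
    print(parse_summary("TCP  192.168.1.100:1000 --> 192.168.1.101:1000 | AP"))
```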