Linux – ngrep output when monitoring linux network activity

linux, linux-networking, network-monitoring

I'm trying to connect to a remote device (which connects to my server on port 31200 via TCP), and while troubleshooting with ngrep I'm getting the following:

T(6) 2012/02/21 00:26:25.817525 9.8.7.6:37400 -> 1.2.3.4:31200 [S]

T(6) 2012/02/21 00:26:25.817556 1.2.3.4:31200 -> 9.8.7.6:37400 [AR]

Does anyone know what the [S] and [AR] stand for, or where I can find further info? I can't find anything after an hour of searching (my C is poor, so I can't look into the source of ngrep to figure things out)! Also, it would be good to know what the (6) stands for; I've read it's the subprotocol, but what does it correspond to?

Thanks

Best Answer

According to the ngrep source, the T denotes TCP, and the (6) is the unsigned decimal representation of the protocol itself (read from the packet), so the two notations are equivalent. The available protocols are:

  • T(6) - TCP
  • U(17) - UDP
  • I(1) - ICMP
  • I(58) - ICMPv6
  • G(2) - IGMP
  • ? - unknown

There are a lot more, but those are the only ones printed by ngrep.

The possibilities for the TCP flags are:

  • ACK [A]
  • SYN [S]
  • RST [R]
  • FIN [F]
  • URG [U]
  • PUSH [P]
  • ECE [E]
  • CWR [C]
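As an added example (not part of the original question or answer), here is a small Python parser that applies the two tables above to ngrep header lines: it maps the protocol letter and the (N) number back to a protocol name, checks that the two agree, expands the flag letters inside [...], and then reads a captured exchange as a connection attempt. The first two input lines are the ones from the question; the second set is constructed to show what the same port looks like when something is listening. The reading of "SYN answered by RST/ACK" as a refused connection is standard TCP behaviour and is my interpretation, not a statement from the answer.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Protocol letter ngrep prints first on a header line, and the IP protocol
# number(s) that letter is used for. "?" is printed for anything else.
LETTER_NAMES = {"T": "TCP", "U": "UDP", "I": "ICMP", "G": "IGMP"}
LETTER_NUMBERS = {"T": {6}, "U": {17}, "I": {1, 58}, "G": {2}}
# The "(6)" part: the IP header's protocol field, as listed in the answer.
PROTO_NUMBERS = {6: "TCP", 17: "UDP", 1: "ICMP", 58: "ICMPv6", 2: "IGMP"}
# TCP flag letters inside [...], in the order ngrep emits them.
FLAG_LETTERS = {"A": "ACK", "S": "SYN", "R": "RST", "F": "FIN",
                "U": "URG", "P": "PSH", "E": "ECE", "C": "CWR"}

# Header line: letter, optional (number), optional timestamp (ngrep -t),
# src -> dst, optional [flags]. Payload lines never match this.
HEADER_RE = re.compile(
    r"^(?P<letter>[TUIG?])(?:\((?P<number>\d+)\))?\s+"
    r"(?:(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+)?"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+\[(?P<flags>[ASRFUPEC]*)\])?"
)


@dataclass
class Header:
    proto: str
    proto_number: Optional[int]
    timestamp: Optional[str]
    src: str
    dst: str
    flags: FrozenSet[str]  # expanded names, e.g. {"ACK", "RST"}


def parse_header(line: str) -> Header:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not an ngrep header line: %r" % line)
    letter = m.group("letter")
    number = int(m.group("number")) if m.group("number") else None
    # Letter and number describe the same IP field, so they must agree.
    if number is not None and letter != "?" and number not in LETTER_NUMBERS[letter]:
        raise ValueError("letter %s disagrees with protocol number %d" % (letter, number))
    proto = PROTO_NUMBERS.get(number) or LETTER_NAMES.get(letter, "unknown")
    flags = frozenset(FLAG_LETTERS[c] for c in (m.group("flags") or ""))
    return Header(proto, number, m.group("ts"), m.group("src"), m.group("dst"), flags)


def parse_capture(text: str) -> List[Header]:
    """Keep only header lines; payload dumps and '#' match markers are skipped."""
    return [parse_header(l) for l in text.splitlines() if HEADER_RE.match(l.strip())]


def classify_connect(headers: List[Header]) -> str:
    """Read a TCP connection attempt: find the first bare SYN, then inspect
    what the other side sent back to that client port."""
    idx = next((i for i, h in enumerate(headers)
                if h.proto == "TCP" and h.flags == {"SYN"}), None)
    if idx is None:
        return "no SYN seen"
    client, server = headers[idx].src, headers[idx].dst
    after = headers[idx + 1:]
    replies = [h for h in after if h.proto == "TCP" and h.src == server and h.dst == client]
    if not replies:
        return "SYN sent, no reply from %s (dropped or filtered)" % server
    first = replies[0].flags
    if first == {"RST", "ACK"}:
        return ("refused: %s answered SYN with RST/ACK "
                "(nothing listening on that port, or a REJECT rule)" % server)
    if first == {"SYN", "ACK"}:
        acked = any(h.src == client and h.dst == server and h.flags == {"ACK"} for h in after)
        return "handshake completed" if acked else "half-open: SYN/ACK received, final ACK not seen"
    return "unexpected reply flags %s" % sorted(first)


# The two header lines from the question (placeholder addresses as posted).
REFUSED_LINES = "\n".join([
    "T(6) 2012/02/21 00:26:25.817525 9.8.7.6:37400 -> 1.2.3.4:31200 [S]",
    "T(6) 2012/02/21 00:26:25.817556 1.2.3.4:31200 -> 9.8.7.6:37400 [AR]",
])
# Constructed for contrast: the same attempt when a listener accepts.
ACCEPTED_LINES = "\n".join([
    "T(6) 2012/02/21 00:30:01.000100 9.8.7.6:37401 -> 1.2.3.4:31200 [S]",
    "T(6) 2012/02/21 00:30:01.000140 1.2.3.4:31200 -> 9.8.7.6:37401 [AS]",
    "T(6) 2012/02/21 00:30:01.000180 9.8.7.6:37401 -> 1.2.3.4:31200 [A]",
])

if __name__ == "__main__":
    for h in parse_capture(REFUSED_LINES):
        print(h.proto, h.proto_number, h.src, "->", h.dst, sorted(h.flags))
    print(classify_connect(parse_capture(REFUSED_LINES)))
    print(classify_connect(parse_capture(ACCEPTED_LINES)))
```

Run against the output in the question, this reports the attempt as refused: the server answered the SYN with RST/ACK about 30 microseconds later, which is the kernel's reply when no socket is listening on 31200 (or a firewall REJECT rule for that port). A SYN that gets no reply at all, or a SYN/ACK followed by the client's ACK, are the other two outcomes the function distinguishes. Feed it `ngrep -t -q ... port 31200` output to keep the header lines without payload dumps.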