I'm specifically looking for a definition of what the following mean: TCP:RA, TCP:FA, TCP:PA, TCP:S, TCP:SEC
The context is that I'm looking at some pfSense logs which are showing rejected packets by the default deny rule. My understanding is that this can happen from asymmetric network traffic where perhaps a connection is closed before a packet acknowledging that fact arrives. And, from what I can tell, the messages are "harmless" and for the most part, not suppressible.
I'm trying to understand what I'm looking at. Is each one of those a 'thing'? Is it some notation of state? Is it a way of showing which flags are set? (e.g. TCP:RA is just a packet with Reset and Ack set or something)
I've been trying to hunt down the meaning of these, but am running into articles that say "nah, don't worry about it" (but don't say what 'it' is), or the terms are so short that the search engines are extrapolating that I'm looking for something else highly off topic.
Best Answer
They represent the TCP flags, indeed. RFC 793, 3.1:
And additions:
NS: ECN-nonce - concealment protection. RFC 3540
CWR: Congestion window reduced. RFC 3168
ECE: ECN-Echo. RFC 3168

From this we can deduce:

TCP:RA = RST, ACK
TCP:FA = FIN, ACK
TCP:PA = PSH, ACK
TCP:S = SYN
TCP:SEC = SYN, ECE, CWR
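Added example, not part of the answer above: a small Python decoder that turns the labels from the question into flag names and the TCP flags byte, and separates handshake openers (SYN without ACK, RST or FIN) from packets that only make sense inside a connection the firewall is already tracking. The letter "U" for URG, the function names and the sample labels are assumptions of this example.

```python
import re
from collections import Counter

# Letter -> (flag name, bit in the TCP flags byte). R, A, F, P, S, E and C
# follow the answer above; "U" for URG is an assumption of this example.
FLAG_LETTERS = {
    "F": ("FIN", 0x01), "S": ("SYN", 0x02),
    "R": ("RST", 0x04), "P": ("PSH", 0x08),
    "A": ("ACK", 0x10), "U": ("URG", 0x20),
    "E": ("ECE", 0x40), "C": ("CWR", 0x80),
}
LABEL_RE = re.compile(r"^TCP:([A-Z]+)$")


def decode(label):
    """Return (flag names, flags byte) for a label such as 'TCP:RA'."""
    m = LABEL_RE.match(label.strip())
    if not m:
        raise ValueError(f"not a TCP flag label: {label!r}")
    names, bits = [], 0
    for letter in m.group(1):
        if letter not in FLAG_LETTERS:
            raise ValueError(f"unknown flag letter {letter!r} in {label!r}")
        name, bit = FLAG_LETTERS[letter]
        names.append(name)
        bits |= bit
    return names, bits


def opens_connection(label):
    """True for SYN without ACK/RST/FIN: the first packet of a handshake."""
    _, bits = decode(label)
    return bits & 0x17 == 0x02  # mask covers FIN, SYN, RST and ACK


def summarize(labels):
    """Count blocked packets: new connection attempts vs. packets needing state."""
    return Counter("new" if opens_connection(l) else "needs-state" for l in labels)


if __name__ == "__main__":
    sample = ["TCP:RA", "TCP:FA", "TCP:PA", "TCP:S", "TCP:SEC", "TCP:FA"]  # constructed
    for label in sample:
        names, bits = decode(label)
        print(f"{label:8} {', '.join(names):14} 0x{bits:02x}")
    print(dict(summarize(sample)))
```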