Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the meaning of "ecr" option in tcpdump?

Tags:

networking

tcp

packet-capture

tcpdump

19:25:47.629351 IP 2.2.2.2.80 > 1.1.1.1.31889: Flags [.], seq 2372487272:2372492544, ack 2808407165, win 122, options [nop,nop,TS val 911640439 ecr 235835291], length 5272
19:25:47.631626 IP 1.1.1.1.31889 > 2.2.2.2.80: Flags [.], ack 2372480682, win 3876, options [nop,nop,TS val 235835291 ecr 911640428], length 0
19:25:47.631638 IP 1.1.1.1.31889 > 2.2.2.2.80: Flags [.], ack 2372483318, win 3793, options [nop,nop,TS val 235835291 ecr 911640428], length 0
19:25:47.631677 IP 1.1.1.1.31889 > 2.2.2.2.80: Flags [.], ack 2372483318, win 4096, options [nop,nop,TS val 235835292 ecr 911640428], length 0
19:25:47.674712 IP 1.1.1.1.31889 > 2.2.2.2.80: Flags [.], ack 2372485954, win 4054, options [nop,nop,TS val 235835335 ecr 911640428], length 0

What is the meaning of the ecr in the options list in tcpdump's output?
I google it but failed.

like image 875
Dan Avatar asked Sep 19 '16 12:09

Dan

People also ask

What is option in tcpdump?

tcpdump allows you to specify network packets that are either using some port X as source or destination. For example, to capture DNS traffic, you can use port 53 . You could prefix the port keyword with src/dst as src port 53 or dst port 53 and filter it even further.

How do I decode tcpdump output?

The "-r" option lets you read the output of a file. All you have to do is use the "-r" option with tcpdump command and specify the path of the file you want to read.

What is verbose output in tcpdump?

One of the most useful topics covered is verbosity, which allows you to control the level of output from the tcpdump command. This is the final article in the series, so be sure you have read parts one and two.

What is sackOK in tcpdump?

mss 1460 is the maximum segment size, or maximum IP datagram size that can be handled without using fragmentation. Both sides of the connection must agree on a value; if they are different, the lower value is used. sackOK means "selective acknowledgments," or allow the receiver to acknowledge packets out of sequence.

1 Answers

ECR - Echo reply --- that was sent with the acknowledgement field. Its a timestamp value calculated based upon the TSval sent in the sync packet...

like image 119
balraje Avatar answered Nov 15 '22 05:11

balraje
Sign in to Comment

Related questions

when doing downloading with python,should I use multithreading or multiprocessing?
Hostname discovery for all machines on a network
Apache Thrift Python-Java 'Connection Refused'
Why wait DIFS in order to sense if the channel is idle
Does TCP endpoint that has sent a FIN, still send keepalive?
VBA, File System Object, speed/advantages/disadvantages
Constantly Listen for Internet Reachability?
Vagrant "domain forwarding"
networking is not working on qemu guest (Malta Mips)
Using sockets between android device and pc (same network)
How to obtain exit code when I invoke NET USE command via Powershell?
Creating Zigbee Ad-hoc Network in a dynamic environment
Confused between ports and sockets
algorithm to find IPv4 networks in CIDR notation between two IPv4 addresses
why can I only read 2048 bytes at a time from an okhttp.Response InputStream?
How to store Clients in a list
Timer T323 and fast dormancy in UMTS network
Some TCP states not showing in the terminal
unknown connection on my raspberry connected on the internet
Why is window size less than or equal to half the sequence number in SR protocol?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!