ngrep o/p - [A], [AP]
Smoot Carl-Mitchell
smoot at tic.com
Sat Jan 17 23:09:05 UTC 2009
On Sat, 2009-01-17 at 13:43 -0800, Evuraan::ഏവൂരാന് wrote:
> What does [A] and [AP] mean on a typical ngrep o/p?
>
> # ngrep -i "keep-alive" port 80 -W byline
>
>
> <snip>
> T 192.168.1.100:80 -> 66.249.67.42:57891 [A]
> T 66.249.67.42:43897 -> 192.168.1.100:80 [AP]
> <snip>
>
> I know T is for TCP, what does {A] and [AP] at the end of the line mean?
I believe those are the TCP control bits found in the TCP header. "A"
is acknowledgement and "P" is push. The push bit tells the receiving
TCP to push the data immediately to the receiving application. The
acknowledgement bit tells the receiver how much data it has sent to the
sender which has been acknowledged by the sender. Remember TCP is
bidirectional. It is part of what makes TCP a reliable transport
protocol.
See http://www.ietf.org/rfc/rfc0793.txt
for all the gory details.
--
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
More information about the ubuntu-users
mailing list