Sorry if my question looks dumb, but I would like to understand the meaning of the letters written next to the packet transaction details of Ettercap when sniffing TCP packets, for example:
Thu Apr 16 04:07:30 2015
TCP 192.168.1.100:1000 --> 192.168.1.101:1000 | A
Message here.
What's the meaning of the "A" letter at the end of the line ( | A)?
I've seen different letters in various messages, and I don't understand their meaning:
A, S, AP, SA, FA, RA
and so on. I've searched on the internet, but I cannot find any documentation about this (and about Ettercap in general). Could you explain their meaning to me, or provide a link in which they are explained?
Thank you!
Those are different TCP flags/packet types:
S = SYN (connection request)
A = ACK (acknowledge previous packet)
P = PUSH (see link)
R = RESET (immediate/abrupt connection termination)
F = FIN (normal connection termination)
U = URGENT (see link)
Two letters together mean two flags: SA = SYN ACK, RA = RESET ACK.
Here is a post with a memory trick to remember the flags: https://danielmiessler.com/study/tcpflags/
And here is a link explaining PUSH and URGENT: http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/
Hope that helps!
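
Added example (not part of the original posts, and not Ettercap's own code): a small Python parser for header lines in the shape quoted in the question, which maps the flag letters from the answer to the bits of the TCP header flags byte and to a rough description of the segment. The function names, the letter order and the wording of the descriptions are assumptions made for this example.

```python
import re

# (letter, name, bit in the TCP header flags byte). Letter order is an assumption,
# chosen to reproduce the combinations quoted in the question (SA, FA, RA, AP).
FLAGS = [("S", "SYN", 0x02), ("F", "FIN", 0x01), ("R", "RST", 0x04),
         ("A", "ACK", 0x10), ("P", "PSH", 0x08), ("U", "URG", 0x20)]
BIT = {letter: bit for letter, _, bit in FLAGS}

# Header line in the shape shown in the question: "TCP src:port --> dst:port | FLAGS"
LINE_RE = re.compile(r"^TCP\s+(\S+):(\d+)\s+-->\s+(\S+):(\d+)\s+\|\s*([A-Z]*)\s*$")

def letters_to_bits(letters):
    """'SA' -> 0x12. Unknown letters raise instead of being silently dropped."""
    bits = 0
    for ch in letters:
        if ch not in BIT:
            raise ValueError(f"unknown TCP flag letter {ch!r}")
        bits |= BIT[ch]
    return bits

def bits_to_names(bits):
    """0x12 -> ['SYN', 'ACK']"""
    return [name for _, name, bit in FLAGS if bits & bit]

def meaning(bits):
    """Rough role of the segment, following the descriptions in the answer."""
    syn, fin, rst, ack = (bits & BIT[c] for c in "SFRA")
    if rst:
        return "abrupt connection termination"
    if syn:
        return "connection request accepted" if ack else "connection request"
    if fin:
        return "normal connection termination"
    if bits & BIT["P"]:
        return "data pushed to the application"
    return "acknowledgement" if ack else "no flags set"

def parse_line(line):
    """Parse one header line; None for other lines (timestamps, payload)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, letters = m.groups()
    bits = letters_to_bits(letters)
    return {"src": (src, int(sport)), "dst": (dst, int(dport)), "bits": bits,
            "names": bits_to_names(bits), "meaning": meaning(bits)}

if __name__ == "__main__":
    # First line is the one from the question; the second is a constructed sample.
    for sample in ["TCP 192.168.1.100:1000 --> 192.168.1.101:1000 | A",
                   "TCP 192.168.1.101:1000 --> 192.168.1.100:1000 | SA"]:
        print(parse_line(sample))
```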