# Stripped from p0f.fp signature file
#
# Format:
#
# wwww:ttt:mmm:D:W:S:N:I:OS Description
#
# wwww - window size
# ttt  - time to live
# mmm  - maximum segment size
# D    - don't fragment flag (0=unset, 1=set)
# W    - window scaling (-1=not present, other=value)
# S    - sackOK flag (0=unset, 1=set)
# N    - nop flag (0=unset, 1=set)
# I    - packet size (-1 = irrelevant)

5840:64:1460:1:0:1:1:60:Linux 2.4.2 - 2.4.14 (1)

# attacker packets

Frame 153721 (74 on wire, 74 captured)
    Arrival Time: Aug 26, 2002 20:24:50.3781
    Time delta from previous packet: 0.000000 seconds
    Time relative to first packet: 1500.127379 seconds
    Frame Number: 153721
    Packet Length: 74 bytes
    Capture Length: 74 bytes
Ethernet II
    Destination: 00:60:08:a8:61:24 (00:60:08:a8:61:24)
    Source: 00:10:a4:c5:7c:38 (00:10:a4:c5:7c:38)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 60
    Identification: 0x0b5a
    Flags: 0x04
-->     .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
--> Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0xada5 (correct)
    Source: 192.168.0.9 (192.168.0.9)
    Destination: 192.168.0.99 (192.168.0.99)
Transmission Control Protocol, Src Port: 34260 (34260), Dst Port: 994 (994), Seq: 297281743, Ack: 0
    Source port: 34260 (34260)
    Destination port: 994 (994)
    Sequence number: 297281743
    Header length: 40 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
--> Window size: 5840
    Checksum: 0xc6a5 (correct)
    Options: (20 bytes)
-->     Maximum segment size: 1460 bytes
-->     SACK permitted
        Time stamp: tsval 16917397, tsecr 0
-->     NOP
-->     Window scale: 0 bytes
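
# Added example (not part of p0f or of the original notes): a small parser for
# the signature format above, matched against the fields marked "-->" in frame
# 153721. Assumptions: every field is compared exactly, which suits this
# same-subnet capture but ignores the TTL lost per hop on routed traffic; the
# packet size is read from the IP Total Length; the first DB entry is constructed.

```python
FIELDS = ("wss", "ttl", "mss", "df", "wscale", "sackok", "nop", "size")

def parse_signature(line):
    """Parse one 'wwww:ttt:mmm:D:W:S:N:I:OS Description' line.
    Returns (values, description), or None for comments and blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(":", 8)          # the description may itself contain ':'
    if len(parts) != 9:
        raise ValueError("expected 8 numeric fields and a description: %r" % line)
    return dict(zip(FIELDS, map(int, parts[:8]))), parts[8].strip()

def mismatches(sig, syn):
    """Names of the fields where an observed SYN differs from a signature."""
    bad = []
    for name in FIELDS:
        if name == "size" and sig[name] == -1:   # I = -1: packet size irrelevant
            continue
        if sig[name] != syn[name]:               # W = -1 means "option absent"
            bad.append(name)
    return bad

def identify(syn, lines):
    """Description of the first signature matching the SYN, else None."""
    for line in lines:
        parsed = parse_signature(line)
        if parsed and not mismatches(parsed[0], syn):
            return parsed[1]
    return None

# Values read from the "-->" fields of frame 153721; size is the IP Total Length.
FRAME_153721 = {"wss": 5840, "ttl": 64, "mss": 1460, "df": 1,
                "wscale": 0, "sackok": 1, "nop": 1, "size": 60}

DB = [
    "# wwww:ttt:mmm:D:W:S:N:I:OS Description",
    "16384:128:1360:1:-1:1:1:48:Constructed entry (not from p0f.fp)",
    "5840:64:1460:1:0:1:1:60:Linux 2.4.2 - 2.4.14 (1)",
]

if __name__ == "__main__":
    print(identify(FRAME_153721, DB))
```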