From the course: Firewall Administration Essential Training


Read logs and interpret TCP flag definitions


- [Lecturer] When reading the logs to troubleshoot your firewall, you're going to run into a bunch of acronyms that you won't understand at first. So these are TCP control flags, and they indicate how data should be handled in routing, so it can be useful for you to know what they mean. That way, when you encounter them, you'll have a better insight into what may be happening. Let's take a look at a few and see what they mean. First is CWR, which refers to congestion window reduced. It's a flag set by the sending host to indicate that it received a TCP segment it was supposed to echo. You'll see CWR referenced when the network is congested enough to risk dropping packets. This only works at the end if all of the equipment in the chain of communication can handle explicit congestion notification. The next one is ECE, or ECN-Echo, which refers to the echo referenced by the CWR flag above. It just indicates that the TCP peer is Echo capable. URG references the urgent pointer field in a…
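An added example, not part of the course material: reading the TCP flag tokens out of firewall log entries and turning each combination into a short troubleshooting note. It assumes the Linux netfilter LOG line layout (flag names between `RES=` and `URGP=`), uses constructed sample lines, and covers all eight TCP control flags rather than only the three named in the excerpt.

```python
import re

# Flag tokens as a Linux netfilter LOG line prints them (assumed log format).
FLAG_MEANINGS = {
    "CWR": "Congestion Window Reduced",
    "ECE": "ECN-Echo",
    "URG": "urgent pointer field is significant",
    "ACK": "acknowledgment number is significant",
    "PSH": "deliver data to the application without buffering",
    "RST": "reset the connection",
    "SYN": "synchronize sequence numbers (open a connection)",
    "FIN": "sender has no more data",
}
# Constructed sample entries; addresses come from documentation ranges.
SAMPLE_LOG = """\
FW-DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=443 RES=0x00 CWR ECE SYN URGP=0
FW-DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 RES=0x00 URG PSH FIN URGP=0
FW-DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=443 DPT=50122 RES=0x00 ACK FIN URGP=0
FW-DROP IN=eth0 SRC=203.0.113.8 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=5353 LEN=48
"""
FLAGS_RE = re.compile(r"RES=0x[0-9a-fA-F]+((?: [A-Z]{3})*) URGP=\d+")

def parse_flags(line):
    """Return the set of TCP flags in one log line, or None if it is not a TCP entry."""
    m = FLAGS_RE.search(line)
    return set(m.group(1).split()) if m else None

def describe(flags):
    """Give a short reading of a flag combination."""
    if "SYN" in flags and "ACK" not in flags:
        if {"ECE", "CWR"} <= flags:
            return "connection request that offers ECN"
        return "connection request"
    if {"SYN", "ACK"} <= flags:
        return "reply to a connection request"
    if "RST" in flags:
        return "connection reset"
    if "ACK" not in flags:
        return "no SYN, ACK or RST: not part of a normal TCP exchange"
    return "orderly close" if "FIN" in flags else "established traffic"

def read_log(text):
    """Return (sorted flags, reading) for every TCP entry in the log text."""
    parsed = (parse_flags(line) for line in text.splitlines())
    return [(sorted(f), describe(f)) for f in parsed if f is not None]

if __name__ == "__main__":
    for flags, reading in read_log(SAMPLE_LOG):
        names = ", ".join(f"{f} ({FLAG_MEANINGS.get(f, 'unknown')})" for f in flags)
        print(f"{names} -> {reading}")
```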
