What does "TCP:SEC" mean in the Firewall Log Files "Proto" field?
I think the "S" means "Syn," but does "E" mean "ECE" and "C" mean "CWR"
OR
is it "S" and "EC" for "Syn" and "ECE"?
I have a lot of this kind of stuff in my Firewall Log files. Is that normal?
[Edited to add]: Also, do I need to be creating rules to allow this type of traffic? Or are simple rules to allow only "Syns" sufficient?
Thanks.
Hi,
There is a prominent help text on the standard log view header right below the filter options:
TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR
And yes, TCP works this way. :)
Cheers,
Franco