https://community.cisco.com/t5/network-security/capture-output/m-p/3368234#M961815 <P>What does Push mean in this case I had never heard that term used.&nbsp; The only reason I put it was push was because it was in another tread I had found.</P> Wed, 18 Apr 2018 14:55:55 GMT james.weatherman 2018-04-18T14:55:55Z https://community.cisco.com/t5/network-security/capture-output/m-p/3368170#M961812 <P>I am trying to read the capture output that I am getting.&nbsp; I know that the S=Syn, A=Ack, P=Push (What does PUSH mean?) but what does a dot (.) and a F stand for.&nbsp; I am using the command show cap capin to get the information.&nbsp;</P> <P>&nbsp;</P> <P>116: 08:41:51.820514 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159159008 win 65280<BR /> 117: 08:41:51.820697 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: P 2159168509:2159168689(180) ack 3968189402 win 23172<BR /> 118: 08:41:51.820727 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159160468 win 65280<BR /> 119: 08:41:51.820788 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: . 2159168689:2159169969(1280) ack 3968189402 win 23172<BR /> 120: 08:41:51.820788 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: P 2159169969:2159171091(1122) ack 3968189402 win 23172<BR /> 121: 08:41:51.820804 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: P 2159171091:2159172371(1280) ack 3968189402 win 23172<BR /> 122: 08:41:51.821002 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: P 2159172371:2159172530(159) ack 3968189402 win 23172<BR /> 123: 08:41:51.821048 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159162870 win 65280<BR /> 124: 08:41:51.821124 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159164309 win 65280<BR /> 125: 08:41:51.821292 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159165769 win 65280<BR /> 126: 08:41:51.821338 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: . 2159172530:2159173810(1280) ack 3968189402 win 23172<BR /> 127: 08:41:51.821338 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.5.38.64959: P 2159173810:2159174850(1040) ack 3968189402 win 23172<BR /> 128: 08:41:51.821383 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159167229 win 65280<BR /> 129: 08:41:51.825930 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54128: F 64380739:64380739(0) ack 1606964975 win 10076<BR /> 130: 08:41:51.825946 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54101: F 2796087050:2796087050(0) ack 1225516994 win 14028<BR /> 131: 08:41:51.826007 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54098: F 2302808906:2302808906(0) ack 2216340728 win 12033<BR /> 132: 08:41:51.826022 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54100: F 2986425331:2986425331(0) ack 2874897291 win 15216<BR /> 133: 08:41:51.826037 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54157: F 323375547:323375547(0) ack 1481009295 win 6456<BR /> 134: 08:41:51.826037 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.9.223.54105: F 3252855761:3252855761(0) ack 951598908 win 15949<BR /> 135: 08:41:51.840212 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: . 1714258375:1714259114(739) ack 3096216603 win 5079<BR /> 136: 08:41:51.840227 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: . 1714259114:1714259988(874) ack 3096216603 win 5079<BR /> 137: 08:41:51.840242 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: . 1714259988:1714261268(1280) ack 3096216603 win 5079<BR /> 138: 08:41:51.840242 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: P 1714261268:1714261288(20) ack 3096216603 win 5079<BR /> 139: 08:41:51.840441 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: P 1714261288:1714262568(1280) ack 3096216603 win 5079<BR /> 140: 08:41:51.840578 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: P 1714262568:1714262588(20) ack 3096216603 win 5079<BR /> 141: 08:41:51.840990 802.1Q vlan#2114 P0 10.28.39.93.443 &gt; 10.28.16.15.61245: P 1714262588:1714262755(167) ack 3096216603 win 5079<BR /> 142: 08:41:51.855958 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159168689 win 65280<BR /> 143: 08:41:51.856431 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159171091 win 65280<BR /> 144: 08:41:51.856751 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159172530 win 65280<BR /> 145: 08:41:51.857331 802.1Q vlan#2114 P0 10.28.5.38.64959 &gt; 10.28.39.93.443: . ack 2159174850 win 65280<BR /> 146: 08:41:51.858888 802.1Q vlan#2114 P0 10.28.16.15.61245 &gt; 10.28.39.93.443: . ack 1714259988 win 65280<BR /> 147: 08:41:51.859086 802.1Q vlan#2114 P0 10.28.16.15.61245 &gt; 10.28.39.93.443: . ack 1714261288 win 65280</P> Fri, 21 Feb 2020 15:38:52 GMT https://community.cisco.com/t5/network-security/capture-output/m-p/3368170#M961812 james.weatherman 2020-02-21T15:38:52Z https://community.cisco.com/t5/network-security/capture-output/m-p/3368213#M961813 <P>Hi there,</P> <P>The dot is an <STRONG>ACK</STRONG> flag, and the F is a <STRONG>FIN, ACK</STRONG> .</P> <P>&nbsp;</P> <P>Why don't you dump the capture to PCAP, it would be easier to read:</P> <P>&nbsp;</P> <PRE>copy /pcap capture:XXXX ftp://x.x.x.x/FOO.pcap</PRE> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 18 Apr 2018 14:39:50 GMT https://community.cisco.com/t5/network-security/capture-output/m-p/3368213#M961813 Seb Rupik 2018-04-18T14:39:50Z https://community.cisco.com/t5/network-security/capture-output/m-p/3368229#M961814 <P>Man I had a full brain freeze I could not think of what the F was.&nbsp; I knew that 3 way hand shake but completely went blank today.&nbsp; Thank you.&nbsp; I don't have a FTP server in the organization that I can use but working on getting one for other things so will just use it once the server team gets it build for me to try out the command you had in the reply.</P> <P>&nbsp;</P> <P>Thanks again!</P> Wed, 18 Apr 2018 14:53:51 GMT https://community.cisco.com/t5/network-security/capture-output/m-p/3368229#M961814 james.weatherman 2018-04-18T14:53:51Z https://community.cisco.com/t5/network-security/capture-output/m-p/3368234#M961815 <P>What does Push mean in this case I had never heard that term used.&nbsp; The only reason I put it was push was because it was in another tread I had found.</P> Wed, 18 Apr 2018 14:55:55 GMT https://community.cisco.com/t5/network-security/capture-output/m-p/3368234#M961815 james.weatherman 2018-04-18T14:55:55Z https://community.cisco.com/t5/network-security/capture-output/m-p/3368251#M961816 <P>Take a look at the TCP RFC: <A href="https://tools.ietf.org/html/rfc793" target="_blank">https://tools.ietf.org/html/rfc793</A></P> <P>...page 46 under the send and receive commands is detail on the PUSH flag.</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 18 Apr 2018 15:06:04 GMT https://community.cisco.com/t5/network-security/capture-output/m-p/3368251#M961816 Seb Rupik 2018-04-18T15:06:04Z