01-06-2018 09:28 PM - edited 02-21-2020 07:05 AM
Hi Experts,
I need some help from you guys.
Today I was doing a packet capture on a Cisco ASA, and during the capture I saw the SWE flag in my logs. Can anyone please let me know what it means?
I also tried googling it but didn’t get accurate answers.
Appreciate any quick response.
01-06-2018 11:23 PM
Hello,
Can you please attach a portion of logs/captures where you encountered the SWE flag. You can remove sensitive info as required.
Regards,
AJ
01-08-2018 06:11 AM
01-09-2018 04:58 AM
Hello,
Please refer to my first response. I found a link that explains the TCP options utilising the SWE flags.
Regards,
AJ
12-02-2020 07:16 PM
Hi there,
I found a similar SWE flag when I did a packet capture during tshooting.
Turns out, there is another device after this firewall which is blocking the traffic.
So, it seems from the packet capture example above -- only Syn is sent.
Syn/Ack is not coming back from the destination host, thus resulting in a TCP timeout.
Hope this helps ...
Raj Veeriah
01-08-2018 12:03 AM
Okay, found something and it makes sense:
https://forums.gentoo.org/viewtopic-t-509973-start-0.html
-HTH
AJ
09-21-2022 07:36 AM
@sambillings459 SWE is because it has SYN+ECN Echo+ECN Cwnd Reduced set, so the initial SYN is thus an "ECN-setup SYN packet". It indicates that the host sending the packet is ECN-capable.
"E" has SYN+ECN Echo set; it probably also has ACK set (based on the "ack" field in the packet), so it is a SYN+ACK response to the initial SYN, and it is, to use the terminology in section 6.1.1 of RFC 3168, an "ECN-setup SYN-ACK packet". It indicates that the host sending the packet is ECN-capable.
ECN has the benefit of end-to-end congestion notification between two connection endpoints in TCP/IP-based networks.
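The flag decoding discussed in this thread, as an added example that is not from any poster or from Cisco: it reads the flag byte of a raw TCP header, renders it as capture-style letters, and names the handshake role in RFC 3168 section 6.1.1 terms. The letter order, the helper names and the sample header values are assumptions made for illustration.

```python
import struct

# TCP flag bits in byte 13 of the TCP header (RFC 793, plus ECE/CWR from RFC 3168).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

# Letter order is an assumption chosen to reproduce the "SWE" string from the thread.
# ACK gets no letter here because the capture reports it as a separate "ack" field.
LETTERS = ((SYN, "S"), (FIN, "F"), (RST, "R"), (PSH, "P"), (CWR, "W"), (ECE, "E"))


def flags_from_header(tcp_header: bytes) -> int:
    """Return the flag byte of a raw TCP header (at least 20 bytes)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13]


def flag_letters(flags: int) -> str:
    """Render flag bits as capture-style letters; '.' when none of them is set."""
    return "".join(c for bit, c in LETTERS if flags & bit) or "."


def ecn_role(flags: int) -> str:
    """Classify a handshake segment using the terms of RFC 3168 section 6.1.1."""
    if not flags & SYN:
        return "not a SYN segment"
    ecn = flags & (ECE | CWR)
    if flags & ACK:
        # The responder echoes ECE only; any other combination is not ECN-setup.
        return "ECN-setup SYN-ACK" if ecn == ECE else "non-ECN-setup SYN-ACK"
    # The initiator sets both ECE and CWR to offer ECN.
    return "ECN-setup SYN" if ecn == (ECE | CWR) else "non-ECN-setup SYN"


def build_header(flags: int) -> bytes:
    """Constructed sample: 20-byte TCP header with made-up ports and sequence number."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, flags, 8192, 0, 0)


if __name__ == "__main__":
    for f in (SYN | ECE | CWR, SYN | ACK | ECE, SYN, SYN | ACK):
        b = flags_from_header(build_header(f))
        print(f"0x{b:02x}  {flag_letters(b):4} {ecn_role(b)}")
```

A capture that shows only repeated "SWE" segments with no "ECN-setup SYN-ACK" or plain SYN-ACK in return matches the timeout case described earlier in the thread, where the SYN never gets an answer.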