I think the S (for Sync) flag might be part of the start of a conversation.
Bah. I may have misinterpreted the acks. You might only send "how many bytes incoming have I heard", so the ack 1 on the (other computer>your computer) packets simply means that the other computer hasn't heard anything from your computer since tcpdump started listening in...
Ayep, I'm now pretty sure this is true.
So, reedit:
Quote:
src > dst: flags data-seqno ack window urgent options
22:18:19.032975 81.134.108.43.20500 > my-ip.1439: P 130706573:130706575(2) ack 154129622 win 16295 (DF)
// first time tcpdump saw the conversation, hence the huge sequence numbers. Only 2 bytes in this packet
22:18:19.041633 81.134.108.43.20500 > my-ip.1439: P 2:147(145) ack 1 win 16295 (DF)
// Another 145 bytes in this packet. Remote computer hasn't heard anything from your computer since tcpdump started monitoring.
22:18:19.041908 my-ip.1439 > 81.134.108.43.20500: . ack 147 win 64089 (DF)
// Your computer says "I've seen 147 bytes" (number is since tcpdump first started monitoring conversation).
// This packet contains no data, btw.
22:18:19.127558 81.134.108.43.20500 > my-ip.1439: P 147:149(2) ack 1 win 16295 (DF)
// Other computer sends another 2 bytes. Remote computer still hasn't heard anything.
22:18:19.132455 81.134.108.43.20500 > my-ip.1439: P 149:262(113) ack 1 win 16295 (DF)
// Other computer sends another 113 bytes. Remote computer hasn't heard anything from your computer since tcpdump started monitoring.
22:18:19.132716 my-ip.1439 > 81.134.108.43.20500: . ack 262 win 63974 (DF)
// Your computer says "I've heard 262 bytes" (since tcpdump started listening into this conversation).
// no data from your computer to remote computer sent in this packet
Sorry! Never used tcpdump before. =)
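
An added example, not part of the original post: a small Python parser for lines in this old-style tcpdump format that reports, for each packet, how many data bytes it carried and how many of the peer's bytes its ack leaves unacknowledged. The sample lines and addresses are constructed, and it assumes, as the post reads the capture, that the first line of a conversation shows absolute numbers and later lines count from that point.

```python
import re

# Constructed sample in the same old-style tcpdump format as the quoted capture.
SAMPLE = """\
10:00:00.000001 192.0.2.10.20500 > 198.51.100.7.1439: P 5000:5002(2) ack 9000 win 16295 (DF)
10:00:00.010000 192.0.2.10.20500 > 198.51.100.7.1439: P 2:147(145) ack 1 win 16295 (DF)
10:00:00.010300 198.51.100.7.1439 > 192.0.2.10.20500: . ack 147 win 64089 (DF)
10:00:00.100000 192.0.2.10.20500 > 198.51.100.7.1439: P 147:149(2) ack 1 win 16295 (DF)
10:00:00.105000 192.0.2.10.20500 > 198.51.100.7.1439: P 149:262(113) ack 1 win 16295 (DF)
10:00:00.105300 198.51.100.7.1439 > 192.0.2.10.20500: . ack 262 win 63974 (DF)
""".splitlines()

# time src > dst: flags [first:last(len)] [ack N] ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<flags>\S+)"
    r"(?:\s+(?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\))?"
    r"(?:\s+ack\s+(?P<ack>\d+))?"
)

def track(lines):
    """Return (timestamp, src, bytes_carried, unacked_bytes_of_peer) per packet."""
    sent_upto = {}     # (src, dst) -> relative offset just past the last data byte sent
    seen_conv = set()  # conversations whose first (absolute-numbered) line was seen
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP line in this format
        src, dst = m["src"], m["dst"]
        conv = frozenset((src, dst))
        first_line = conv not in seen_conv  # assumption: this line has absolute numbers
        seen_conv.add(conv)
        carried = int(m["len"]) if m["len"] else 0
        if carried:
            # On the first line only the length is usable; later, "last" is relative.
            sent_upto[(src, dst)] = carried if first_line else int(m["last"])
        unacked = None  # None: peer has sent no data since capture began, or ack is absolute
        peer_sent = sent_upto.get((dst, src))
        if m["ack"] and not first_line and peer_sent is not None:
            unacked = peer_sent - int(m["ack"])
        rows.append((m["ts"], src, carried, unacked))
    return rows

if __name__ == "__main__":
    for row in track(SAMPLE):
        print(row)
```

A non-zero value in the last column means the sender of that ack has not yet acknowledged everything the capture saw its peer send.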