There are two TCP headers, ECN Echo and ECN Cwnd Reduced, that tcpdump recognizes and outputs the existence of, but aren't listed in the manpage. The relevant section of tcpdump.1, near the top of the TCP Packets section, line 743: Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). Data-seqno describes the portion of sequence The part of print-tcp.c that produces the header flag output, inside the function tcp_print, line 274: if ((flags = tp->th_flags) & (TH_SYN|TH_FIN|TH_RST|TH_PUSH| TH_ECNECHO|TH_CWR)) { if (flags & TH_SYN) putchar('S'); if (flags & TH_FIN) putchar('F'); if (flags & TH_RST) putchar('R'); if (flags & TH_PUSH) putchar('P'); if (flags & TH_CWR) putchar('W'); /* congestion _W_indow reduced (ECN) */ if (flags & TH_ECNECHO) putchar('E'); /* ecn _E_cho sent (ECN) */ } else putchar('.'); W and E are not documented in the manpage. Reproducible: Always Steps to Reproduce: 1.Run tcpdump 2.Receive a packet with the W or E header flags set 3.Wonder what W and E mean, as they aren't in the manpage.
this should be sent upstream
reported upstream.
fixed in tcpdump 3.8.1 : \fIFlags\fP are some combination of S (SYN), F (FIN), P (PUSH), R (RST), W (ECN CWR) or E (ECN-Echo), or a single `.' (no flags).
3.8.3-r1 is in stable
