[Sshcure-discuss] Flags under the flow
Flow-based SSH Intrusion Detection System
Brought to you by: drike, rickhofstede
From: Kapucu, A. <ak...@ke...> - 2014-12-08 05:47:02
Hi,

I would like to understand the flags under the flow and how SSHCure is telling it's compromised. Thanks.

Could you please explain their meanings, for example:

19:47:58 0.268 220.177.198.43:3262 xxx.xxx.111.158:22 .A.RS. 3 128
19:47:58 0.268 220.177.198.43:3262 xxx.xxx.111.158:22 .A.RS. 3 128
19:48:01 10.144 xxx.xxx.111.158:22 220.177.198.43:1488 .AP.S. 18 2067
19:48:01 10.144 xxx.xxx.111.158:22 220.177.198.43:1488 .AP.S. 18 2067
19:48:01 9.920 220.177.198.43:1488 xxx.xxx.111.158:22 .AP.S. 15 2603
19:48:01 9.920 220.177.198.43:1488 xxx.xxx.111.158:22 .AP.S. 15 2603
19:48:02 12.256 220.177.198.43:1488 xxx.xxx.111.158:22 .APRS. 17 2683
19:48:02 12.256 220.177.198.43:1488 xxx.xxx.111.158:22 .APRS. 17 2683
19:48:14 0.000 xxx.xxx.111.158:22 220.177.198.43:1488 .AP..F 1 40
19:48:14 0.000 xxx.xxx.111.158:22 220.177.198.43:1488 .AP..F 1 40
19:48:14 0.256 xxx.xxx.111.158:22 220.177.198.43:1586 .A.RS. 2 84
19:48:14 0.256 xxx.xxx.111.158:22 220.177.198.43:1586 .A.RS. 2 84
19:48:14 0.256 220.177.198.43:1586 xxx.xxx.111.158:22 .A.RS. 3 128
19:48:14 0.000 220.177.198.43:1488 xxx.xxx.111.158:22 .A.R.. 2 80
19:48:14 0.256 220.177.198.43:1586 xxx.xxx.111.158:22 .A.RS. 3 128
19:48:14 0.000 220.177.198.43:1488 xxx.xxx.111.158:22 .A.R.. 2 80
19:48:14 0.244 220.177.198.43:1586 xxx.xxx.111.158:22 .A.RS. 3 128
19:48:14 0.244 220.177.198.43:1586 xxx.xxx.111.158:22 .A.RS. 3 128
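
Added example, not part of the original message and not SSHCure code: a small parser for flow lines laid out like the ones quoted in the message above, which spells out the flags column. It assumes the columns are start time, duration, source, destination, TCP flags, packets and bytes, and that the flags column uses nfdump's fixed UAPRSF order with a dot for an unset flag; all function and variable names are hypothetical.

```python
import re
from collections import namedtuple

# Assumption: the six-character column is nfdump's fixed "UAPRSF" layout,
# where a dot means that flag was not seen.
FLAG_NAMES = (("U", "URG"), ("A", "ACK"), ("P", "PSH"),
              ("R", "RST"), ("S", "SYN"), ("F", "FIN"))

Flow = namedtuple("Flow", "start duration src dst flags packets nbytes")

LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d)\s+(\d+\.\d+)\s+(\S+:\d+)\s+(\S+:\d+)\s+"
    r"([UAPRSF.]{6})\s+(\d+)\s+(\d+)$")

# Four of the flow lines quoted in the message.
SAMPLE = """\
19:47:58 0.268 220.177.198.43:3262 xxx.xxx.111.158:22 .A.RS. 3 128
19:48:01 10.144 xxx.xxx.111.158:22 220.177.198.43:1488 .AP.S. 18 2067
19:48:02 12.256 220.177.198.43:1488 xxx.xxx.111.158:22 .APRS. 17 2683
19:48:14 0.000 xxx.xxx.111.158:22 220.177.198.43:1488 .AP..F 1 40
"""

def decode_flags(field):
    """Names of the TCP flags set in a flow's flags column.

    A flow record ORs together the flags of every packet in the flow, so
    this says which flags occurred at least once, not their order.
    """
    if len(field) != 6:
        raise ValueError("flags column must be 6 characters: %r" % field)
    names = []
    for (letter, name), ch in zip(FLAG_NAMES, field):
        if ch == letter:
            names.append(name)
        elif ch != ".":
            raise ValueError("unexpected %r in flags column %r" % (ch, field))
    return names

def parse_flow(line):
    """Parse one flow line into a Flow tuple; raise ValueError otherwise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a flow line: %r" % line)
    start, dur, src, dst, flags, pkts, nbytes = m.groups()
    return Flow(start, float(dur), src, dst, decode_flags(flags),
                int(pkts), int(nbytes))

def parse_flows(text):
    """Parse every non-blank line of a block of flow output."""
    return [parse_flow(l) for l in text.splitlines() if l.strip()]
```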