Ich würde sagen:
flags DF *grins was immer das bedeutet *ohje
tcpdump -c 20 -vvveni venet0 host 46.148.27.6
tcpdump: listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
11:34:28.675017 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 26643, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.65276 > 81.169.156.XXX.XXX: Flags [F.], cksum 0xa9df (correct), seq 2829218827, ack 1566790585, win 255, length 0
11:34:28.675299 Out ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 4972, offset 0, flags [DF], proto TCP (6), length 40)
81.169.156.XXX.XXX > 46.148.27.6.65276: Flags [F.], cksum 0xaa6a (correct), seq 1, ack 1, win 115, length 0
11:34:28.694138 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 26660, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.65276 > 81.169.156.XXX.XXX: Flags [.], cksum 0xa9de (correct), seq 1, ack 2, win 255, length 0
11:37:17.925659 In ethertype IPv4 (0x0800), length 68: (tos 0x2,ECT(0), ttl 120, id 10241, offset 0, flags [DF], proto TCP (6), length 52)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [SEW], cksum 0x72b4 (correct), seq 4177715258, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
11:37:17.925722 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [S.E], cksum 0xee82 (correct), seq 1624902335, ack 4177715259, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
11:37:17.944271 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 10253, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [.], cksum 0x679d (correct), seq 1, ack 1, win 256, length 0
11:37:17.946312 Out ethertype IPv4 (0x0800), length 110: (tos 0x2,ECT(0), ttl 64, id 2867, offset 0, flags [DF], proto TCP (6), length 94)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [P.], cksum 0x3865 (incorrect -> 0x54cc), seq 1:55, ack 1, win 115, length 54: SMTP, length: 54
220 h2728344.stratoserver.net ESMTP Postfix (Ubuntu)
11:37:18.017683 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 10286, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [.], cksum 0x6767 (correct), seq 1, ack 55, win 256, length 0
11:37:18.312645 In ethertype IPv4 (0x0800), length 85: (tos 0x2,ECT(0), ttl 120, id 10397, offset 0, flags [DF], proto TCP (6), length 69)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [P.], cksum 0x457f (correct), seq 1:30, ack 55, win 256, length 29: SMTP, length: 29
EHLO win-e73f2aa0c2n.domain
11:37:18.312673 Out ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 2868, offset 0, flags [DF], proto TCP (6), length 40)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [.], cksum 0x67d7 (correct), seq 55, ack 30, win 115, length 0
11:37:18.312874 Out ethertype IPv4 (0x0800), length 237: (tos 0x2,ECT(0), ttl 64, id 2869, offset 0, flags [DF], proto TCP (6), length 221)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [P.], cksum 0x38e4 (incorrect -> 0xbd75), seq 55:236, ack 30, win 115, length 181: SMTP, length: 181
250-h2728344.stratoserver.net
250-PIPELINING
250-SIZE 102400000
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
11:37:18.417793 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 10424, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [.], cksum 0x6696 (correct), seq 30, ack 236, win 255, length 0
11:37:19.976661 In ethertype IPv4 (0x0800), length 68: (tos 0x2,ECT(0), ttl 120, id 10503, offset 0, flags [DF], proto TCP (6), length 52)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [P.], cksum 0x0af9 (correct), seq 30:42, ack 236, win 255, length 12: SMTP, length: 12
AUTH LOGIN
11:37:19.976772 Out ethertype IPv4 (0x0800), length 74: (tos 0x2,ECT(0), ttl 64, id 2870, offset 0, flags [DF], proto TCP (6), length 58)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [P.], cksum 0x3841 (incorrect -> 0xfd76), seq 236:254, ack 42, win 115, length 18: SMTP, length: 18
334 VXNlcm5hbWU6
11:37:20.205986 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 10665, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [.], cksum 0x6678 (correct), seq 42, ack 254, win 255, length 0
11:37:21.188991 In ethertype IPv4 (0x0800), length 66: (tos 0x2,ECT(0), ttl 120, id 10880, offset 0, flags [DF], proto TCP (6), length 50)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [P.], cksum 0xf1f4 (correct), seq 42:52, ack 254, win 255, length 10: SMTP, length: 10
cGUtYnU=
11:37:21.189087 Out ethertype IPv4 (0x0800), length 74: (tos 0x2,ECT(0), ttl 64, id 2871, offset 0, flags [DF], proto TCP (6), length 58)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [P.], cksum 0x3841 (incorrect -> 0xda73), seq 254:272, ack 52, win 115, length 18: SMTP, length: 18
334 UGFzc3dvcmQ6
11:37:21.208668 In ethertype IPv4 (0x0800), length 70: (tos 0x2,ECT(0), ttl 120, id 10947, offset 0, flags [DF], proto TCP (6), length 54)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [P.], cksum 0x5e04 (correct), seq 52:66, ack 272, win 255, length 14: SMTP, length: 14
aW5mbzIwMDk=
11:37:21.218212 Out ethertype IPv4 (0x0800), length 120: (tos 0x2,ECT(0), ttl 64, id 2872, offset 0, flags [DF], proto TCP (6), length 104)
81.169.156.XXX.XXX > 46.148.27.6.51760: Flags [P.], cksum 0x386f (incorrect -> 0x4a99), seq 272:336, ack 66, win 115, length 64: SMTP, length: 64
535 5.7.8 Error: authentication failed: authentication failure
11:37:21.314499 In ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 120, id 10969, offset 0, flags [DF], proto TCP (6), length 40)
46.148.27.6.51760 > 81.169.156.XXX.XXX: Flags [.], cksum 0x660e (correct), seq 66, ack 336, win 255, length 0
20 packets captured
20 packets received by filter
0 packets dropped by kernel