>Hello,
>I have just switched from using snoop to tcpdump. I am
>getting my hands around creating filters for tcpdump.
>I am looking at a filter such as this:
>
>
>tcp and (tcp[13] & 3 != 0) 
>
>
>Now I know that the 13 is the byte in the tcp header
>at which either the syn,fin,ack,urg,push or reset
>bits are set. However the "& 3 != 0" seems to make no
>sense to me. Could someone break this down for me? I
>would really appreciate it as this seems to be the key
>for creating filters based on flags. TIA
>
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls

You've made a mistake in the priority of the operators in the boolean expression.
This condition expression is equal to:
        tcp and ( ( tcp[13] & 3 ) != 0 )          //if there is a FIN or SYN flag in the tcp packet.

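As an added illustration that is not part of the thread, the following Python evaluates the filter `tcp[13] & 3 != 0` against constructed TCP headers, both with the grouping tcpdump actually uses, `(tcp[13] & 3) != 0`, and with the C-style misreading `tcp[13] & (3 != 0)`, so the difference in precedence is visible on real header bytes. The header builder and flag constants are assumptions made for the example, not tcpdump code.

```python
import struct

# TCP flag bits live in the low byte of the data-offset/flags field,
# which is byte 13 of the TCP header (tcp[13] in pcap-filter syntax).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(flags, sport=12345, dport=80):
    """Constructed sample: a minimal 20-byte TCP header with no options."""
    data_offset = 5 << 4  # 5 x 32-bit words, stored in the upper nibble of byte 12
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset, flags, 8192, 0, 0)


def tcpdump_match(tcp):
    """'tcp[13] & 3 != 0' as tcpdump parses it: (tcp[13] & 3) != 0.

    Mask 3 = FIN|SYN, so this is true for any segment with FIN or SYN set.
    """
    return (tcp[13] & 3) != 0


def c_precedence_misread(tcp):
    """Same text read with C precedence: tcp[13] & (3 != 0) == tcp[13] & 1.

    That would only ever test the FIN bit, which is not what the filter does.
    """
    return (tcp[13] & (3 != 0)) != 0


def flag_names(tcp):
    """Decode the flag byte into names, for reading a captured header."""
    table = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    return [name for name, bit in table if tcp[13] & bit]


if __name__ == "__main__":
    for label, flags in [("SYN", SYN), ("SYN|ACK", SYN | ACK), ("ACK", ACK), ("FIN|ACK", FIN | ACK)]:
        hdr = build_tcp_header(flags)
        print(f"{label:8s} tcp[13]=0x{hdr[13]:02x} tcpdump={tcpdump_match(hdr)} "
              f"c_misread={c_precedence_misread(hdr)} flags={flag_names(hdr)}")
```

A SYN or SYN|ACK segment matches the tcpdump grouping but not the C-style misreading, which is exactly the confusion the reply clears up.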
