On Mon, Nov 27, 2006 at 08:12:58PM +0000, Awais Awan wrote: > I am working with slow tools and i want to llok at different flags using > n-filter. I have managed to look at SYN packets with ip-tcp-flag set to > 0x2 and ack packets with 0x10. Are these correct flags? Can i see at any > list of these tcp flags? Which tells me which flag represetns what. Like > they have told in the man pages that 0x2 will work for filtering SYN > packets. but what about other flags? is there any list that can tell me > the details of all falgs?
flags: bit (left to right in net order) URG ACK PSH RST SYN FIN #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 I had the same questions you did a couple of years ago, and it turns out that this information isn't in the flow-tools documentation. I found the above by digging through the source code. The flags are the same as found in the TCP packet header. _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
