On Mon, 27 Nov 2006 20:12:58 GMT, Awais Awan said:
> I am working with slow tools and I want to look at different flags using
> n-filter. I have managed to look at SYN packets with ip-tcp-flag set to
> 0x2 and ack packets with 0x10. Are these correct flags? Can I see at any
> list of these tcp flags? Which tells me which flag represents what. Like
> they have told in the man pages that 0x2 will work for filtering SYN
> packets. But what about other flags? Is there any list that can tell me
> the details of all flags?

I would suggest a good book on the workings of TCP - Stevens comes to mind. Knowing what the bits are without understanding their interactions will just lead to no good (for example - what RFC is being followed if you find a *legitimate* packet that has both SYN and FIN set? :) RFC791, 792, 793 are the official specifications of that stuff (although a few bits got defined later, like ECN in RFC3168). (For bonus points - anybody actually *seen* a legit SYN+FIN? :)
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
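
The flag values discussed in this thread, as an added example that is not part of the original messages or of flow-tools: a decoder for the TCP flags byte (bit positions per RFC 793, with ECE and CWR from RFC 3168) plus the difference between an exact match and a mask match when filtering. It assumes the flow record's flags field is the cumulative OR of the flags of every packet in a unidirectional flow, as in NetFlow v5 export; the function names and sample records are constructed for illustration.

```python
# Added example. Bit values: RFC 793 (FIN..URG) and RFC 3168 (ECE, CWR).
TCP_FLAGS = [
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
    (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"),
]
FIN, SYN, ACK = 0x01, 0x02, 0x10


def decode(flags):
    """Return the names of all bits set in a TCP flags byte."""
    return [name for bit, name in TCP_FLAGS if flags & bit]


def has_all(flags, mask):
    """Mask match: every bit in mask is set, other bits are ignored."""
    return flags & mask == mask


def notes(flags):
    """Observations on a flow's flags (assumed: OR of all its packets)."""
    out = []
    if flags == SYN:
        out.append("SYN only: this side never sent an ACK")
    if has_all(flags, SYN | FIN) and not flags & ACK:
        out.append("SYN and FIN without ACK: check at packet level")
    return out


def report(records):
    """Map each record label to (decoded flag names, observations)."""
    return {label: (decode(f), notes(f)) for label, f in records}


# Constructed sample flow records: (label, flags byte).
SAMPLE = [
    ("client side of a full session", 0x1B),  # FIN|SYN|PSH|ACK
    ("server handshake reply only", 0x12),    # SYN|ACK
    ("unanswered connection attempt", 0x02),  # SYN
    ("odd combination", 0x03),                # FIN|SYN
]

if __name__ == "__main__":
    for label, (names, obs) in report(SAMPLE).items():
        print(f"{label}: {'+'.join(names)} {obs}")
    # An exact match on 0x2 misses flows that also carry other bits;
    # a mask match on 0x2 selects every flow in which a SYN was seen.
    print(0x12 == SYN, has_all(0x12, SYN))
```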
