The last two bits are used for ECN I believe. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bill fumerola Sent: Tuesday, November 28, 2006 3:13 PM To: Awais Awan Cc: [email protected] Subject: Re: [Flow-tools] flow tools tcp flags
On Tue, Nov 28, 2006 at 08:03:51PM +0000, Awais Awan wrote: > We know that there are 6 possible flags for TCP which are > URG-ACK-PSH-RST-SYN-FIN (ox2 giving us SYN) > > But net-flow reserves 8 bits for ip-tcp-flags (0-255 values) Can anyone > tell me why net-flow has kept 8 bits for ip-tcp-flags? and what are the > other two bits? because that's how big the field on the wire is. Vladis already answered what the other two bits are: http://mailman.splintered.net/pipermail/flow-tools/2006-November/003354.html from /usr/include/netinet/tcp.h on osx/freebsd: #define TH_ECE 0x40 #define TH_CWR 0x80 -- bill _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
