
TCP flags (tcpflags)

Description

Returns the flags or control bits value of a TCP segment. This field contains the following 9 1-bit flags in this order:

  • NS: ECN-nonce concealment protection (experimental)
  • CWR: Congestion Window Reduced. Set by the sender to indicate that it received a TCP segment with the ECE flag set and has responded in its congestion control mechanism
  • ECE: ECN-Echo. Has a dual role depending on the value of the SYN flag:
      • SYN set (1) → the TCP peer is ECN capable
      • SYN clear (0) → a packet with the Congestion Experienced flag set (ECN=11) in the IP header was received during normal transmission. This serves as an indication of network congestion to the TCP sender
  • URG: Indicates that the Urgent pointer field is significant
  • ACK: Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set
  • PSH: Push function. Asks to push the buffered data to the receiving application
  • RST: Reset the connection
  • SYN: Synchronize sequence numbers. Only the first packet sent from each end should have this flag set
  • FIN: Last packet from the sender
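
As an added example (not part of the original documentation), the following Python code decodes the integer from a tcpflags column into flag names and applies the ECE rule described above. It assumes the integer follows the TCP header bit layout, with FIN as the least-significant bit (0x001) and NS as 0x100; the function names and sample values are constructed for illustration.

```python
# Added example: decode the integer from a tcpflags column into flag names.
# Assumption: the value follows the TCP header bit layout (FIN is bit 0).
FLAGS = [  # most-significant bit first, same order as the list above
    ("NS", 0x100), ("CWR", 0x080), ("ECE", 0x040),
    ("URG", 0x020), ("ACK", 0x010), ("PSH", 0x008),
    ("RST", 0x004), ("SYN", 0x002), ("FIN", 0x001),
]
MAX_VALUE = 0x1FF  # all nine 1-bit flags set


def decode_tcpflags(value):
    """Return the names of the flags set in a tcpflags integer."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise TypeError("tcpflags value must be an integer")
    if not 0 <= value <= MAX_VALUE:
        raise ValueError(f"value {value} does not fit in 9 flag bits")
    return [name for name, bit in FLAGS if value & bit]


def ece_meaning(value):
    """Interpret ECE according to the SYN flag; None when ECE is clear."""
    flags = decode_tcpflags(value)
    if "ECE" not in flags:
        return None
    if "SYN" in flags:
        return "peer is ECN capable"
    return "network congestion signalled"


def describe(value):
    """One-line summary suitable for annotating query results."""
    flags = decode_tcpflags(value)
    text = f"{value:>3} (0x{value:03X}): {'+'.join(flags) or 'no flags'}"
    note = ece_meaning(value)
    return f"{text} [ECE: {note}]" if note else text


if __name__ == "__main__":
    # Constructed sample values, not taken from real traffic.
    for sample in (2, 18, 16, 24, 17, 4, 194, 82, 80):
        print(describe(sample))
```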

How does it work in the search window?

Select Create column in the search window toolbar, then select the TCP flags operation. You need to specify one argument:

Argument              Data type
Packet (mandatory)    packet

The data type of the values in the new column is integer.

How does it work in LINQ?

Use the operator select... as... and add the operation syntax to create the new column. This is the syntax for the TCP flags operation:

  • tcpflags(packet)