
TCP flags (tcpflags)

Description

Returns the flags or control bits value of a TCP segment. This field contains the following nine 1-bit flags, in this order:

NS

ECN-nonce concealment protection (experimental)

CWR

Congestion Window Reduced. Set by the sender to indicate that it received a TCP segment with the ECE flag set and has responded through its congestion control mechanism

ECE

ECN-Echo. Has a dual role, depending on the value of the SYN flag:

  • SYN set (1) → the TCP peer is ECN capable

  • SYN clear (0) → a packet with the Congestion Experienced flag set (ECN=11) in the IP header was received during normal transmission. This serves as an indication of network congestion to the TCP sender

URG

Indicates that the Urgent pointer field is significant

ACK

Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set

PSH

Push function. Asks to push the buffered data to the receiving application

RST

Reset the connection

SYN

Synchronize sequence numbers. Only the first packet sent from each end should have this flag set

FIN

Last packet from the sender

How does it work in the search window?

Select Create field in the search window toolbar, then select the TCP flags operation. You need to specify one argument:

Argument | Data type

Packet (mandatory) | packet

The data type of the values in the new field is integer.

How does it work in LINQ?

Use the operator select... as... and add the operation syntax to create the new field. This is the syntax for the TCP flags operation:

  • tcpflags(packet)
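
Because the new field is an integer, individual flags have to be read out of it with bit masks. The following Python is an added example, not part of this documentation or the product's code: it decodes the value and notes combinations that contradict the flag descriptions above. It assumes the integer uses the TCP header bit layout (NS = 0x100 down to FIN = 0x001); the function names and sample values are constructed for illustration.

```python
# Added example. Assumption: the integer from tcpflags(packet) uses the TCP
# header bit layout, NS as the highest bit (0x100) and FIN the lowest (0x001).
FLAG_NAMES = ["NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]
FLAG_BITS = {name: 1 << (8 - i) for i, name in enumerate(FLAG_NAMES)}


def decode_tcpflags(value):
    """Return the names of the flags set in a tcpflags integer, NS first."""
    if not 0 <= value <= 0x1FF:
        raise ValueError(f"not a 9-bit flags value: {value!r}")
    return [name for name in FLAG_NAMES if value & FLAG_BITS[name]]


def ece_meaning(value):
    """Interpret ECE according to the SYN flag, as described on this page."""
    if not value & FLAG_BITS["ECE"]:
        return None
    if value & FLAG_BITS["SYN"]:
        return "peer is ECN capable"
    return "congestion experienced"


def inconsistencies(value):
    """List combinations that contradict the flag descriptions on this page."""
    flags = set(decode_tcpflags(value))
    notes = []
    if {"SYN", "FIN"} <= flags:
        notes.append("SYN and FIN together: first and last segment at once")
    # Every segment after the initial SYN should carry ACK. A bare RST is
    # left out of this rule because resets are commonly sent without ACK.
    if not flags & {"SYN", "ACK", "RST"}:
        notes.append("ACK missing on a segment that is not a SYN")
    return notes


if __name__ == "__main__":
    # Constructed sample values, not taken from real traffic.
    for value in (0x002, 0x012, 0x018, 0x0C2, 0x050, 0x004, 0x003, 0x029, 0x000):
        names = "+".join(decode_tcpflags(value)) or "(none)"
        print(f"{value:>3} 0x{value:03x} {names:<14} "
              f"ece={ece_meaning(value)} notes={inconsistencies(value)}")
```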