How to filter TCP SYN that has their bits set to 1?
I'm trying to understand how to use filters, how would I filter to find TCP SYN with their bits set to 1?
1 Answer
- Sort by
oldest newest most voted
0
You didn't specifically say display filters but will assume you're working with an existing capture.
Either of these will show frames with the SYN bit set:
tcp.flags.syn==1
or
tcp.flags & 0x02
If you want to exclude SYN/ACK frames and only show SYN use this:
tcp.flags.syn==1 && tcp.flags.ack==0
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments