How to filter TCP SYN that has their bits set to 1?

asked 2019-10-15 00:49:06 +0000

tada234 gravatar image

I'm trying to understand how to use filters, how would I filter to find TCP SYN with their bits set to 1?

1 Answer

answered 2019-10-15 02:05:08 +0000

Chuckc gravatar image

updated 2019-10-15 02:05:43 +0000

You didn't specifically say display filters but will assume you're working with an existing capture.

Either of these will show frames with the SYN bit set:



tcp.flags & 0x02

If you want to exclude SYN/ACK frames and only show SYN use this:

tcp.flags.syn==1 && tcp.flags.ack==0
Asked: 2019-10-15 00:49:06 +0000

Seen: 3,277 times

Last updated: Oct 15 '19