There's more...
Some problematic scenarios (mostly attacks) are:
- tcp[13] = 0: No flags set (null scan)
- tcp[13] & 0x11 = 1: fin set and ack not set
- tcp[13] & 0x03 = 3: syn set and fin set
- tcp[13] & 0x05 = 5: rst set and fin set
- tcp[13] & 0x06 = 6: syn set and rst set
- tcp[13] & 0x18 = 8: psh set and ack not set
In the following diagram, you can see how it works. tcp[13] is the byte at offset 13 from the beginning of the TCP header, which is the flags byte (FIN = 1, SYN = 2, RST = 4, PSH = 8, ACK = 16, URG = 32). The mask selects the flag bits to inspect, and the values 0, 1, 3, 5, 6, and 8 are the flag combinations that remain after masking:
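The following Python snippet is an added example, not code from the book: it builds a few minimal TCP headers (constructed test input), reads the flags byte exactly as the BPF offset tcp[13] does, and evaluates the six "tcp[13] & mask = value" checks listed above against them. The rule table, the header-builder helper and the packet samples are all assumptions made for this illustration; the flag bit values are those defined by TCP.

```python
# Added example: evaluate the tcp[13] flag-byte checks against raw TCP headers.
import struct
from typing import List, Tuple

# TCP flag bit values in the flags byte (offset 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# (name, mask, expected) triples equivalent to "tcp[13] & mask = expected".
# For the null scan the whole byte must be zero, so the mask covers every bit.
SUSPICIOUS: List[Tuple[str, int, int]] = [
    ("null scan (no flags)", 0xFF, 0x00),
    ("FIN without ACK", FIN | ACK, FIN),
    ("SYN and FIN together", SYN | FIN, SYN | FIN),
    ("RST and FIN together", RST | FIN, RST | FIN),
    ("SYN and RST together", SYN | RST, SYN | RST),
    ("PSH without ACK", PSH | ACK, PSH),
]


def build_tcp_header(sport: int, dport: int, flags: int,
                     seq: int = 0, ack_num: int = 0, window: int = 65535) -> bytes:
    """Build a minimal 20-byte TCP header with no options (constructed test input)."""
    data_offset = 5 << 4  # header length of 5 x 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack_num,
                       data_offset, flags, window, 0, 0)


def tcp_flags(tcp_header: bytes) -> int:
    """Return tcp[13]: the flags byte, read at the same offset the BPF filter uses."""
    return tcp_header[13]


def bpf_expression(mask: int, expected: int) -> str:
    """Render a rule in the filter syntax shown in the list above."""
    if mask == 0xFF and expected == 0:
        return "tcp[13] = 0"
    return f"tcp[13] & 0x{mask:02x} = {expected}"


def classify(tcp_header: bytes) -> List[str]:
    """Return the names of every suspicious pattern the header's flags match."""
    flags = tcp_flags(tcp_header)
    return [name for name, mask, expected in SUSPICIOUS if (flags & mask) == expected]


if __name__ == "__main__":
    # Constructed sample headers: two normal segments and four scan-style ones.
    samples = {
        "normal SYN": build_tcp_header(40000, 80, SYN),
        "normal data": build_tcp_header(40000, 80, PSH | ACK),
        "null": build_tcp_header(40000, 80, 0),
        "SYN+FIN": build_tcp_header(40000, 80, SYN | FIN),
        "lone FIN": build_tcp_header(40000, 80, FIN),
        "FIN+PSH+URG": build_tcp_header(40000, 80, FIN | PSH | URG),
    }
    for name, mask, expected in SUSPICIOUS:
        print(f"{bpf_expression(mask, expected):24s} -> {name}")
    for label, hdr in samples.items():
        print(f"{label:12s} flags=0x{tcp_flags(hdr):02x} matches={classify(hdr) or 'none'}")
```

Note that a segment can match more than one rule: SYN+FIN satisfies both the "FIN without ACK" and the "SYN and FIN together" checks, so a capture filter built from several of these lines will report the same packet under each of them.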