IDS mailing list archives
Re: TCP Flags and HEX
From: Chris Reining <creining () packetfu org>
Date: Fri, 20 Feb 2004 19:36:23 -0600
Eric, GCIA, What you have with a SYN bit set in the 8bit/13th byte field is the following layout of flags and bits set (0 is off, 1 is on): |C|E|U|A|P|R|S|F| |---------------| |0 0 0 0 0 0 1 0| -> 00000010 binary At this point you take the binary value 00000010 and convert it to decimal: |128 64 32 16 8 4 2 1| |--------------------| | 0| 0| 0| 0|0|0|1|0| -> 2, or 0x02 Now let's try FIN and ACK bits set: |C|E|U|A|P|R|S|F| |---------------| |0 0 0 1 0 0 0 1| -> 00010001 binary |128 64 32 16 8 4 2 1| |--------------------| | 0| 0| 0| 1|0|0|0|1| -> 17, or 0x11 HTH, Chris On Wed, Feb 18, 2004 at 09:25:23AM -0800, Eric Hines wrote:
Does anyone have a URL that gives the different hex/ascii values for the 13th byte offset of the TCP Header and their corresponding TCP flag? e.g. 0x02=SYN, etc. Thanks, Eric Hines, GCIA ------------------------------------------- Eric Hines, GCIA CEO, Chairman Applied Watch Technologies, Inc. web: http://www.appliedwatch.com email: eric.hines () appliedwatch com
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219 ---------------------------------------------------------------------------
Current thread:
- TCP Flags and HEX Eric Hines (Feb 20)
- Re: TCP Flags and HEX James Riden (Feb 23)
- Re: TCP Flags and HEX Josh Tolley (Feb 23)
- Re: TCP Flags and HEX Chris Reining (Feb 23)