IDS mailing list archives

Re: TCP Flags and HEX

From: Chris Reining <creining () packetfu org>
Date: Fri, 20 Feb 2004 19:36:23 -0600

Eric, GCIA,

What you have with a SYN bit set in the 8bit/13th byte field is
the following layout of flags and bits set (0 is off, 1 is on):

|C|E|U|A|P|R|S|F|
|---------------|
|0 0 0 0 0 0 1 0| -> 00000010 binary

At this point you take the binary value 00000010 and convert it to
decimal:

|128 64 32 16 8 4 2 1|
|--------------------|
|  0| 0| 0| 0|0|0|1|0| -> 2, or 0x02

Now let's try FIN and ACK bits set:

|C|E|U|A|P|R|S|F|
|---------------|
|0 0 0 1 0 0 0 1| -> 00010001 binary

|128 64 32 16 8 4 2 1|
|--------------------|
|  0| 0| 0| 1|0|0|0|1| -> 17, or 0x11

HTH,
Chris

On Wed, Feb 18, 2004 at 09:25:23AM -0800, Eric Hines wrote:

Does anyone have a URL that gives the different hex/ascii values for the 13th 
byte offset of the TCP Header and their corresponding TCP flag?

e.g. 0x02=SYN, etc.


Thanks,
Eric Hines, GCIA

-------------------------------------------
Eric Hines, GCIA
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines () appliedwatch com


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that integrates 
six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040219
---------------------------------------------------------------------------

Current thread:

TCP Flags and HEX Eric Hines (Feb 20)
- Re: TCP Flags and HEX James Riden (Feb 23)
- Re: TCP Flags and HEX Josh Tolley (Feb 23)
- Re: TCP Flags and HEX Chris Reining (Feb 23)