URG is used by a sender to state the importance of TCP data it is sending to a host. The URG flag is not processed by the network, so it is only processed by the end host. The ASA actually by default strips the URG flag as a security measure, so in regard to the security field it is not a current valid implementation.
Here is a really "interesting" presentation that talks about the current dilemmas with the implementation of the flag (well, really the urgent pointer bytes that are used in conjunction with the URG flag). Feel free to use it any time you feel you can't sleep.

http://www.gont.com.ar/talks/IETF73/ietf73-tcpm-urgent-data.ppt

The Push flag is used by a sender to tell the receiving host to process all current data. There are applications that use both of these flags but I cannot name an implementation of them.

RFC 793 is the source for information about the TCP protocol. It is pretty old. Goes back to 1981.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kamran Shakil
Sent: Sunday, July 11, 2010 10:46 AM
To: [email protected]
Subject: [OSL | CCIE_Security] TCP FLAGS ?????

Dears,

I am confused about one thing: in the TCP flag options of packets, when do we really need or see the packet flag for PSH or URG activated or turned on?

I have seen debugs and tcpdump on some firewalls with SYN, ACK, RST and FIN flags being sent or received, but where does URG or PSH really work, or where can it be seen?

Waiting for experts to comment, please...
Kamran Shakil

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
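
An added illustration, not part of the original thread: a Python sketch that decodes the flag bits and urgent pointer from the RFC 793 header layout, then models a device clearing URG as the reply says the ASA does by default. The sample segment, addresses, ports and the behaviour of `clear_urgent` (zeroing the pointer and patching the checksum) are constructed assumptions, not Cisco's implementation.

```python
import struct
FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
         ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

def fold(total):
    """Fold carries back in (16-bit one's-complement arithmetic)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ones_sum(data):
    """One's-complement sum of 16-bit big-endian words; odd length is zero-padded."""
    data += b"\x00" * (len(data) % 2)
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))

def parse_tcp(segment):
    """Decode the fixed 20-byte TCP header (RFC 793 layout)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _, _, _, _, off_flags, _, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    return {"flags": [name for name, bit in FLAGS if off_flags & bit],
            "urgent_pointer": urg, "checksum": csum, "payload": segment[hdr_len:]}

def clear_urgent(segment):
    """Assumed model of URG stripping: clear the bit, zero the pointer, patch the checksum."""
    off_flags, win, csum, urg = struct.unpack("!HHHH", segment[12:20])
    new_flags = off_flags & 0xFFDF
    # RFC 1624: HC' = ~(~HC + ~m + m') for each changed 16-bit word m -> m'
    acc = fold((~csum & 0xFFFF) + (~off_flags & 0xFFFF) + new_flags + (~urg & 0xFFFF))
    return segment[:12] + struct.pack("!HHHH", new_flags, win, ~acc & 0xFFFF, 0) + segment[20:]

# Constructed sample: pseudo-header (documentation addresses, protocol 6) and a
# PSH+ACK+URG segment with urgent pointer 1 and a 4-byte payload.
PAYLOAD = b"data"
PSEUDO = bytes([192, 0, 2, 1, 198, 51, 100, 2, 0, 6]) + struct.pack("!H", 20 + len(PAYLOAD))
_hdr = struct.pack("!HHIIHHHH", 40000, 23, 1000, 2000, (5 << 12) | 0x38, 8192, 0, 1)
SAMPLE = _hdr[:16] + struct.pack("!H", ~ones_sum(PSEUDO + _hdr + PAYLOAD) & 0xFFFF) + _hdr[18:] + PAYLOAD

def checksum_ok(segment):
    """True when pseudo-header plus segment sums to 0xFFFF, i.e. the checksum is valid."""
    return ones_sum(PSEUDO + segment) == 0xFFFF

if __name__ == "__main__":
    for seg in (SAMPLE, clear_urgent(SAMPLE)):
        p = parse_tcp(seg)
        print(p["flags"], "urgent_pointer =", p["urgent_pointer"], "checksum_ok =", checksum_ok(seg))
```

The payload bytes are untouched by the rewrite; the receiving host simply no longer sees any of them marked as urgent.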
