Hello, I have just switched from using snoop to tcpdump. I am getting my hands around creating filters for tcpdump. I am looking at a filter such as this:
tcp and (tcp[13] & 3 != 0)
Now I know that the 13 is the byte in the tcp header at which either the syn, fin, ack, urg, push or reset bits is set. However, the "& 3 != 0" seems to make no sense to me. Could someone break this down for me? I would really appreciate it, as this seems to be the key for creating filters based on flags. TIA

_______________________________________________
Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
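
How the mask in the filter above selects bits of TCP header byte 13, as an added example that is not part of the original post. The helper names, ports and sample flag bytes are constructed for illustration.

```python
import struct

# TCP flag bits carried in header byte 13 (RFC 793), lowest bit first.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_tcp_header(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header without options; all field values are samples."""
    data_offset = 5 << 4  # byte 12: header length of 5 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_offset, flags, 8192, 0, 0)

def flag_names(header):
    """Names of the flag bits set in byte 13 of a raw TCP header."""
    return [name for name, bit in FLAGS.items() if header[13] & bit]

def mask_for(*names):
    """OR the named flag bits together into the mask written after '&'."""
    mask = 0
    for name in names:
        mask |= FLAGS[name]
    return mask

def matches(header, mask):
    """Same test as the filter term 'tcp[13] & mask != 0': the AND keeps only
    the masked bits, and the comparison is true if any of them is set."""
    return (header[13] & mask) != 0

def main():
    mask = mask_for("FIN", "SYN")  # 0x01 | 0x02 == 3, the value in the filter
    samples = [0x02, 0x12, 0x10, 0x11, 0x04, 0x18]  # constructed flag bytes
    for flags in samples:
        hdr = build_tcp_header(flags)
        verdict = "match" if matches(hdr, mask) else "no match"
        print(f"tcp[13]=0x{flags:02x} {'+'.join(flag_names(hdr)):8} "
              f"& {mask} = {hdr[13] & mask} -> {verdict}")

if __name__ == "__main__":
    main()
```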
