On Fri, 8 Mar 2002 [EMAIL PROTECTED] wrote: :It is better to think of the number 3 as a bit mask 0b00000011 :So the command says to and bitmask 3 with contents of byte[13] (masking :out all but the bottom 2 bits S,F) of the TCP header (starting at byte[0]) :then test result to see if it 0 (neither the SYN nor FIN flags is set).
it's !=0, which is true if SYN or FIN is set. :I have just switched from using snoop to tcpdump. I am :getting my hands around creating filters for tcpdump. :I am looking a filter such as this: : :tcp and (tcp[13] & 3 != 0) _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
