On Tue, Nov 28, 2006 at 08:03:51PM +0000, Awais Awan wrote:
> We know that there are 6 possible flags for TCP which are
> URG-ACK-PSH-RST-SYN-FIN (0x2 giving us SYN)
>
> But net-flow reserves 8 bits for ip-tcp-flags (0-255 values) Can anyone
> tell me why net-flow has kept 8 bits for ip-tcp-flags? and what are the
> other two bits?

Because that's how big the field on the wire is. Vladis already answered
what the other two bits are:

http://mailman.splintered.net/pipermail/flow-tools/2006-November/003354.html

from /usr/include/netinet/tcp.h on osx/freebsd:

#define TH_ECE  0x40
#define TH_CWR  0x80

-- bill
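
An added example, not part of the original thread: why the two extra bits matter when filtering flow records on the flags byte. An ECN-setup SYN carries ECE and CWR, so the byte reads 0xc2 and an exact match on 0x02 misses it. The `F_*` names, the function names and the sample byte values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits as they sit in the header byte (and in the flow record). */
enum {
    F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_PSH = 0x08,
    F_ACK = 0x10, F_URG = 0x20, F_ECE = 0x40, F_CWR = 0x80
};
#define F_ECN_MASK (F_ECE | F_CWR)

/* Render a flags byte as e.g. "SYN|ECE|CWR"; buf must hold >= 32 bytes. */
const char *flags_str(uint8_t f, char *buf, size_t len)
{
    static const char *names[8] =
        { "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" };
    buf[0] = '\0';
    for (int bit = 0; bit < 8; bit++) {
        if (!(f & (1u << bit)))
            continue;
        if (buf[0])
            strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, names[bit], len - strlen(buf) - 1);
    }
    return buf;
}

/* Naive test: exact match on 0x02. Misses a SYN that carries ECE/CWR. */
int syn_only_naive(uint8_t f) { return f == F_SYN; }

/* Ignore the two ECN bits, then compare the six classic flags. */
int syn_only(uint8_t f) { return (f & ~F_ECN_MASK) == F_SYN; }

int main(void)
{
    /* Constructed sample values of a flow record's flags byte. */
    const uint8_t samples[] = { 0x02, 0xc2, 0x12, 0x1b, 0x52 };
    char buf[40];
    for (size_t i = 0; i < sizeof samples; i++)
        printf("0x%02x %-24s naive=%d masked=%d\n", samples[i],
               flags_str(samples[i], buf, sizeof buf),
               syn_only_naive(samples[i]), syn_only(samples[i]));
    return 0;
}
```
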
