Ok, what is the deal with this? (By the way, I don't care if this sounds like mindless rambling. It's late on a Saturday night and I'm analyzing traffic. W00t.)
Here are TCP flags from a random segment.
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
TCP flags occupy 1 byte, and that's it. Why does Wireshark/etc. say
Flags: 0x0018 (PSH, ACK)
Why not
Flags: 0x18 (PSH, ACK)
that instead?
0 komentar:
Posting Komentar