[Winpcap-users] TCP Header and Flags

Marcel van Lieshout marcel at hmcs.nl
Thu Jul 6 17:33:37 GMT 2006

It looks like &-ing with TH_FLAGS gives a quick check if any flag is set. The same & isolates all flags from the word they are contained in.

Something like:

if(flags = hdrword & TH_FLAGS) {
} else {
  ----- Original Message ----- 
  From: ahsan askari 
  To: winpcap-users at winpcap.org 
  Sent: Thursday, July 06, 2006 7:07 PM
  Subject: [Winpcap-users] TCP Header and Flags


  I had a look at sniffex.c at http://www.tcpdump.org/pcap.htm and I found the TCP Header structure. That structure has the following 

          u_char  th_flags; 
          #define TH_FIN  0x01
          #define TH_SYN  0x02
          #define TH_RST  0x04
          #define TH_PUSH 0x08
          #define TH_ACK  0x10
          #define TH_URG  0x20
          #define TH_ECE  0x40 
          #define TH_CWR  0x80
          #define TH_FLAGS        (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)

  I know that if I want to check any flag value in th_flags field I just have to "&" that with flag value but could anyone tell me how I could use TH_FLAGS and why is it there ? 

  Thank you


  Winpcap-users mailing list
  Winpcap-users at winpcap.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20060706/7f5d590b/attachment.htm

More information about the Winpcap-users mailing list