URG Flag

Herve_Brelivet · January 12, 2005, 5:19pm

Hello,

I would like to know how I can retrieve urg flag in the tcp segment or count the number of tcp packets with a URG flag in a connection ?

thanks

Ruoming_Pang · January 12, 2005, 6:50pm

One way is through event tcp_packet:

event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count, ack: count, len: count, payload: string)
  {
  if ( strstr(flags, "U") > 0 )
    {
    ...
    }
  }

But please note that it requires a per-TCP-packet event and thus only works for low volume traffic.

Ruoming

Topic		Replies	Views
URG Flag Zeek	1	75	May 6, 2022
Method to detect tcp urgent flag Zeek	1	141	May 6, 2022
count connection bytes Zeek	2	249	May 6, 2022
Absolute ack and seq number of tcp packet Zeek	2	109	May 6, 2022
TCP state change event, or other solution Zeek	1	79	May 6, 2022

URG Flag

Related topics