This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

bits of SIN

0

What should I do to understand which bit of SIN is 1?I mean for example first bit or second bit or third...

asked 22 Feb '11, 09:47

baran's gravatar image

baran
1334
accept rate: 0%

edited 29 Feb '12, 19:18

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

One Answer:

1

The SYN bit is always the second bit of the TCP flags field. So the second bit of the 14th byte of the TCP header is the SYN bit.

answered 22 Feb '11, 10:08

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

thanks for answering me but I don't want to know which bit of TCP is SYN bit in fact I want to know which bit of SYN is one(1).

(22 Feb '11, 11:15) baran

Then I don't really understand your question... could you explain it a little more? What is the background of your question?

(22 Feb '11, 11:39) SYN-bit ♦♦

Maybe my question is wrong,it is one of my university assignments.If I understand more about it I will write it in a better way,anyway thanks

(22 Feb '11, 11:56) baran

Maybe this is simply a question of how to filter all packets that have the SYN bit set (a.k.a SYN bit being 1)? In that case the display filter would be "tcp.flags.syn==1", or, if you don't want the SYN/ACK packets you'd filter for "tcp.flags==0x02".

(22 Feb '11, 12:06) Jasper ♦♦

I got a better understanding about this question,I realized that SYN includes four bits and if the first bit is 1 it means that it is FIN and if the second bit is 1 it means that it is SYN and something like that about the last two bits but I don't know if they are one what it means.Now how can we recognize which bit of SYN is 1?(that it can have different meanings which I explained)

(23 Feb '11, 20:22) baran
1

What you call "SYN" or "SIN" is the TCP flags field. In the TCP flags field, one of the bits is called SYN and as you already discovered, this is the second bit. If you expand the TCP flags field in the packet detail (second) pane of Wireshark, you see what the other bits are. In short, they are FIN, SYN, RST, PSH, ACK, URG, ECE, CWR and NS. Have a look at RFC 793 for more info on the function of the TCP flags.

(23 Feb '11, 23:41) SYN-bit ♦♦
1

No, sorry, SYN doesn't include four bits, it is still just one bit.

The TCP header has one byte (8 bits) dedicated to be used as "flags". One of those can be used to indicate things like "I want to establish a connection", and is called the "SYN flag" (or "SYN bit"). It is just one single bit (not four), and it is always the same bit. This bit is either 0 (usually telling you that the connection is already established) or 1 (meaning that the connection setup is going one just now).

You really should look up the "TCP Three Way Handshake" ;-)

(23 Feb '11, 23:49) Jasper ♦♦
showing 5 of 7 show 2 more comments