Field name |
Description |
Type |
tcp
|
TCP
|
No value (only supports checking if file exists or not)
|
tcp.srcport
|
Source Port
|
Unsigned Integer, 2 byte
|
tcp.dstport
|
Destination Port
|
Unsigned Integer, 2 byte
|
tcp.seq
|
Sequence Number
|
Unsigned Integer, 4 byte
|
tcp.ack
|
Acknowledgment Number
|
Unsigned Integer, 4 byte
|
tcp.hdr_len
|
Header Length
|
Numeric Value (Signed/Unsigned Integer)
|
tcp.flags
|
Flags
|
String Value
|
tcp.flags.res
|
Reserved
|
Signed/Unsigned Integer Value
|
tcp.flags.ns
|
Nonce
|
Signed/Unsigned Integer Value
|
tcp.flags.cwr
|
Congestion Window Reduced (CWR)
|
Signed/Unsigned Integer Value
|
tcp.flags.ecn
|
ECN-Echo
|
Signed/Unsigned Integer Value
|
tcp.flags.urg
|
Urgent
|
Signed/Unsigned Integer Value
|
tcp.flags.ack
|
Acknowledgment
|
Signed/Unsigned Integer Value
|
tcp.flags.push
|
Push
|
Signed/Unsigned Integer Value
|
tcp.flags.reset
|
Reset
|
Signed/Unsigned Integer Value
|
tcp.flags.syn
|
Syn
|
Signed/Unsigned Integer Value
|
tcp.flags.fin
|
Fin
|
Signed/Unsigned Integer Value
|
tcp.window_size
|
Calculated Window Size
|
Unsigned Integer, 2 byte
|
tcp.checksum
|
Checksum
|
Unsigned Integer, 2 byte
|
tcp.urgent_pointer
|
Urgent Pointer
|
Unsigned Integer, 2 byte
|
tcp.opts.opt
|
TCP Options
|
No value (only supports checking if file exists or not)
|
tcp.opts.opt.typ
|
TCP Option
|
No value (only supports checking if file exists or not)
|
tcp.opts.opt.type
|
Option Type
|
Signed/Unsigned Integer Value
|
tcp.opts.opt.length
|
Option Length
|
Unsigned Integer, 1 byte
|
tcp.opts.opt.data
|
Data [Unsupported Option]
|
String of hexadecimal bytes
|
tcp.opts.opt.ss
|
Segment Size
|
Unsigned Integer, 2 byte
|
tcp.opts.opt.ws
|
Window Scaling
|
Unsigned Integer, 1 byte
|
tcp.opts.opt.sack
|
TCP SACK
|
No value (only supports checking if file exists or not)
|
tcp.opts.opt.sack_le
|
TCP SACK Left Edge
|
Unsigned Integer, 4 byte
|
tcp.opts.opt.sack_re
|
TCP SACK Right Edge
|
Unsigned Integer, 4 byte
|
tcp.opts.opt.timestamp.tsval
|
Timestamp Value
|
Unsigned Integer, 4 byte
|
tcp.opts.opt.timestamp.tsecr
|
Timestamp Echo Reply
|
Unsigned Integer, 4 byte
|
tcp.opts.opt.md5_digest
|
MD5 Digest
|
String of hexadecimal bytes
|
tcp.opts.opt.malformed_payload
|
Malformed Option Payload
|
String of hexadecimal bytes
|
tcp.opts.opt.malformed
|
Malformed Option
|
Length Of Malformed Option
|