TCP operations

1. Has TCP segment 

Description

Checks whether a packet has a TCP segment.

Format

hastcp(arg_1) → result

  • arg_1 : Packet
  • result : Boolean

Examples

  Example 1

pkt → packet field name

hastcp(pkt), where pkt is a packet with a TCP segment

  • arg_1 : pkt
  • result : true
  Example 2

pkt → packet field name

 hastcp(pkt), where pkt is a packet without a TCP segment

  • arg_1 : pkt
  • result : false

2. TCP ACK

Description

Returns the acknowledgment number (ACK) of a TCP segment. This value is the next sequence number that the sender of the segment expects to receive.

Format

tcpack(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpack(pkt)

  • arg_1 : pkt
  • result : 64
  Example 2

pkt → packet field name

 tcpack(pkt)

  • arg_1 : pkt
  • result : 1737673944

3. TCP checksum 

Description

Returns the checksum value of a TCP segment. This value is used for error checking of the header and data.

Format

tcpcs(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpcs(pkt)

  • arg_1 : pkt
  • result : 37667
  Example 2

pkt → packet field name

 tcpcs(pkt)

  • arg_1 : pkt
  • result : 46494

4. TCP destination port 

Description

Returns the destination port of a TCP segment. This value identifies the receiving port.

Format

tcpdst(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpdst(pkt)

  • arg_1 : pkt
  • result : 22
  Example 2

pkt → packet field name

 tcpdst(pkt)

  • arg_1 : pkt
  • result : 443

5. TCP flags

Description

Returns the flags or control bits value of a TCP segment.

  This field contains the following nine 1-bit flags, in this order:
  • NS → ECN-nonce concealment protection (experimental)
  • CWR → Congestion Window Reduced. Set by the sender to indicate that it has received a TCP segment with the ECE flag set and has responded with its congestion control mechanism.
  • ECE → ECN-Echo. Has a dual role depending on the value of the SYN flag:
    • SYN set (1) → the TCP peer is ECN capable.
    • SYN clear (0) → a packet with the Congestion Experienced flag set (ECN=11) in its IP header was received during normal transmission. This serves as an indication of network congestion to the TCP sender.
  • URG → Indicates that the Urgent pointer field is significant.
  • ACK → Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
  • PSH → Push function. Asks to push the buffered data to the receiving application.
  • RST → Reset the connection.
  • SYN → Synchronize sequence numbers. Only the first packet sent from each end should have this flag set.
  • FIN → Last packet from sender.

Format

tcpflags(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpflags(pkt)

  • arg_1 : pkt
  • result : 24 (ACK and PSH are set)
  Example 2

pkt → packet field name

 tcpflags(pkt)

  • arg_1 : pkt
  • result : 16 (ACK is set)

6. TCP header length

Description

Returns the header length or data offset of a TCP segment. The minimum length is 5 words (20 bytes) and the maximum is 15 words (60 bytes).

Format

tcphl(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcphl(pkt)

  • arg_1 : pkt
  • result : 8
  Example 2

pkt → packet field name

 tcphl(pkt)

  • arg_1 : pkt
  • result : 10

7. TCP payload

Description

Returns the payload or data section of a TCP segment.

Format

tcppayload(arg_1) → result

  • arg_1 : Packet
  • result : Bytes array

Examples

  Example 1

pkt → packet field name

tcppayload(pkt)

  • arg_1 : pkt
  • result : 5375CC48C72A41305132FAE7 4A6A94997C4F6BBB1FB15A4A 18FF51A679AA2A2DEEC34B8E
  Example 2

pkt → packet field name

tcppayload(pkt)

  • arg_1 : pkt
  • result : 485454502F312E31203230342 04E6F20436F6E74656E740D0A 446174653A205765642C20303 8204665622032303137203136 3A33303A343820474D540D0A4 3616368652D436F6E74726F6C 3A206E6F2D73746F72650D0A0D0A

Where fromutf8(tcppayload(pkt)) = HTTP/1.1 204 No Content Date: Wed, 08 Feb 2017 16:30:48 GMT Cache-Control: no-store

Please note that non-encrypted data can be displayed as text with fromutf8, as in the example above.
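
The flags, header length and payload operations above all read the same fixed header layout. As an added example (not the product's own code), this Python code parses a constructed raw TCP segment and decodes the flags integer into flag names; decode_flags, parse_tcp and SAMPLE are hypothetical names, and the input is assumed to start at the first byte of the TCP header.

```python
import struct

# Flag names in the order the page lists them, most significant bit first.
FLAG_NAMES = ["NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def decode_flags(value):
    """Return the names of the bits set in a 9-bit flags value (hypothetical helper)."""
    return [n for i, n in enumerate(FLAG_NAMES) if value & (0x100 >> i)]

def parse_tcp(segment):
    """Split raw TCP segment bytes into the fields the operations return."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    src, dst, seq, ack, off_flags, win, cs, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hl = off_flags >> 12            # data offset, in 32-bit words (5..15)
    if hl < 5 or hl * 4 > len(segment):
        raise ValueError("data offset %d does not fit the segment" % hl)
    flags = off_flags & 0x01FF      # low 9 bits: NS .. FIN
    return {
        "tcpsrc": src, "tcpdst": dst, "tcpseq": seq, "tcpack": ack,
        "tcphl": hl, "tcpflags": flags, "tcpwin": win, "tcpcs": cs,
        "tcppayload": segment[hl * 4:],   # data starts after header + options
    }

# Constructed sample: 20-byte header, 12 bytes of NOP options (hl = 8 words),
# then a short cleartext payload. The checksum is a filler value, not computed.
SAMPLE = (
    struct.pack("!HHIIHHHH", 80, 33650, 1945621071, 64,
                (8 << 12) | 24, 400, 37667, 0)
    + b"\x01" * 12
    + b"HTTP/1.1 204 No Content\r\n"
)

if __name__ == "__main__":
    fields = parse_tcp(SAMPLE)
    print(fields["tcphl"], fields["tcphl"] * 4)      # words, bytes
    print(fields["tcpflags"], decode_flags(fields["tcpflags"]))
    print(fields["tcppayload"].decode("utf-8"))
```

A data offset below 5 words or pointing past the end of the captured bytes is rejected rather than sliced, since a malformed header would otherwise yield a misleading payload.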

8. TCP window size

Description

Returns the received window size of a TCP segment. This field specifies the number of bytes that the sender of the segment is currently willing to receive.

Format

tcpwin(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpwin(pkt)

  • arg_1 : pkt
  • result : 400
  Example 2

 pkt → packet field name

  tcpwin(pkt)

  • arg_1 : pkt
  • result : 5565

9. TCP sequence number

Description

Returns the sequence number of a TCP segment.

Format

tcpseq(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpseq(pkt)

  • arg_1 : pkt
  • result : 1945621071
  Example 2

pkt → packet field name

 tcpseq(pkt)

  • arg_1 : pkt
  • result : 542726107

This value has a dual role:

  • If the SYN flag is set (1) → initial sequence number
  • If the SYN flag is clear (0) → accumulated sequence number of the first data byte of the segment.

10. TCP source port

Description

Returns the source port of a TCP segment. This value identifies the sending port.

Format

tcpsrc(arg_1) → result

  • arg_1 : Packet
  • result : Integer

Examples

  Example 1

pkt → packet field name

tcpsrc(pkt)

  • arg_1 : pkt
  • result : 80
  Example 2

pkt → packet field name

 tcpsrc(pkt)

  • arg_1 : pkt
  • result : 33650

11. TCP status

Description

Returns the status of a TCP packet.

  Packet status codes:
  • OK → The packet has been parsed without problems.
  • UNPARSED → Unparsed packet.
  • UNDERFLOW → The packet is smaller than its outer payload.
  • OVERFLOW → The packet is bigger than the payload.

Format

tcpstatus(arg_1) → result

  • arg_1 : Packet
  • result : String

Examples

  Example 1

pkt → packet field name

tcpstatus(pkt)

  • arg_1 : pkt
  • result : OK
  Example 2

tcpstatus(pkt)

  • arg_1 : pkt
  • result : CRC_BAD
