man: Add an example for printing TCP with RST+ACK both set

author Francois-Xavier Le Bail <[email protected]>

Thu, 25 Jun 2020 07:50:09 +0000 (09:50 +0200)

committer Francois-Xavier Le Bail <[email protected]>

Thu, 25 Jun 2020 07:52:55 +0000 (09:52 +0200)
author Francois-Xavier Le Bail <[email protected]>
Thu, 25 Jun 2020 07:50:09 +0000 (09:50 +0200)
committer Francois-Xavier Le Bail <[email protected]>
Thu, 25 Jun 2020 07:52:55 +0000 (09:52 +0200)
diff --git a/tcpdump.1.in b/tcpdump.1.in

index 5373ac0e2c29b3f4bf03768ed2ed1e8dcb7453d9..2056d0c92e1d06f43fcac76b53ae6b3c7c0a5700 100644 (file)
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -1002,6 +1002,16 @@ tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocal
  .fi
  .RE
  .LP
+To print the TCP packets with flags RST and ACK both set.
+(i.e. select only the RST and ACK flags in the flags field, and if the result
+is "RST and ACK both set", match)
+.RS
+.nf
+.B
+tcpdump 'tcp[tcpflags] & (tcp-rst|tcp-ack) == (tcp-rst|tcp-ack)'
+.fi
+.RE
+.LP
  To print all IPv4 HTTP packets to and from port 80, i.e. print only
  packets that contain data, not, for example, SYN and FIN packets and
  ACK-only packets.  (IPv6 is left as an exercise for the reader.)
author	Francois-Xavier Le Bail <[email protected]>
	Thu, 25 Jun 2020 07:50:09 +0000 (09:50 +0200)
committer	Francois-Xavier Le Bail <[email protected]>
	Thu, 25 Jun 2020 07:52:55 +0000 (09:52 +0200)