Go to Edit->Preferences and expand the
Protocols option. Scroll down to TCP and make sure that "Analyze TCP sequence
numbers" is checked. When you expand the TCP header in the detail window
of your trace, you will now see an additional "SEQ/ACK analysis" sub-tree.
Expand that and then expand the "TCP Analysis Flags" tree below
that. This will tell you what event caused the packet to be flagged by the
tcp.analysis.flags rule.
Andrew
-----Original Message-----
From:
ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On
Behalf Of Felczak Andrzej
Sent: Friday, December 16, 2005
8:35 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] TCP
Analysis flags
In an ethereal trace I encountered a
frame which was colorized according to the tcp.analysis.flags rule. I would
need to know the exact conditions which lead to that ethereal marked this
frame. Can I find this out in any way in ethereal and how? I searched around
quite a long time but did not find anything.
Andrzej Felczak
Software development - System designer
VA TECH SAT GmbH & Co
Ruthnergasse
1
A-1210
Wien, Austria
Phone: (+43/1) 29129 4931
Fax:
(+43/1) 29 28 838 or (+43/1) 29129 4649
e-mail:
fa@xxxxxxxxxxxxxxxxxx
Internet:
http://www.sat-automation.com