Wireshark-users: Re: [Wireshark-users] Bad TCP - Why ?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 18 Feb 2010 08:40:40 -0800
On Feb 18, 2010, at 5:28 AM, Forthofer Russ wrote:

> I don't believe it is necessarily indicating a problem

Then the rule name should probably be changed, as not all tcp.analysis.flags bits indicate that there's something "bad" about the packet.  Perhaps there was a time when all the flags did indicate a problem, and the rule was created and named then.