man: Add an example for printing TCP with RST+ACK both set

Partially based on a Guy's comment in issue #860. [skip ci]
author: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2020-06-25 09:50:09 +0200
committer: Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> 2020-06-25 09:52:55 +0200
commit: 8a33158e8896bcc38ceccf2d52c11af84dbfb971 (patch)
tree: 3b9b71561916dbd3ab21999fa015f87f39610dad /tcpdump.1.in
parent: c99b9b89c745b6e397993b9e29d161ac385e5afc (diff)
download: tcpdump-8a33158e8896bcc38ceccf2d52c11af84dbfb971.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/tcpdump.1.in b/tcpdump.1.in
index 5373ac0e..2056d0c9 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -1002,6 +1002,16 @@ tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocal
 .fi
 .RE
 .LP
+To print the TCP packets with flags RST and ACK both set.
+(i.e. select only the RST and ACK flags in the flags field, and if the result
+is "RST and ACK both set", match)
+.RS
+.nf
+.B
+tcpdump 'tcp[tcpflags] & (tcp-rst|tcp-ack) == (tcp-rst|tcp-ack)'
+.fi
+.RE
+.LP
 To print all IPv4 HTTP packets to and from port 80, i.e. print only
 packets that contain data, not, for example, SYN and FIN packets and
 ACK-only packets.  (IPv6 is left as an exercise for the reader.)
author	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2020-06-25 09:50:09 +0200
committer	Francois-Xavier Le Bail <devel.fx.lebail@orange.fr>	2020-06-25 09:52:55 +0200
commit	8a33158e8896bcc38ceccf2d52c11af84dbfb971 (patch)
tree	3b9b71561916dbd3ab21999fa015f87f39610dad /tcpdump.1.in
parent	c99b9b89c745b6e397993b9e29d161ac385e5afc (diff)
download	tcpdump-8a33158e8896bcc38ceccf2d52c11af84dbfb971.tar.gz