From 8a33158e8896bcc38ceccf2d52c11af84dbfb971 Mon Sep 17 00:00:00 2001
From: Francois-Xavier Le Bail
Date: Thu, 25 Jun 2020 09:50:09 +0200
Subject: man: Add an example for printing TCP with RST+ACK both set

Partially based on a Guy's comment in issue #860. [skip ci]
---
 tcpdump.1.in | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'tcpdump.1.in')

diff --git a/tcpdump.1.in b/tcpdump.1.in
index 5373ac0e..2056d0c9 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -1002,6 +1002,16 @@ tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocal
 .fi
 .RE
 .LP
+To print the TCP packets with flags RST and ACK both set.
+(i.e. select only the RST and ACK flags in the flags field, and if the result
+is "RST and ACK both set", match)
+.RS
+.nf
+.B
+tcpdump 'tcp[tcpflags] & (tcp-rst|tcp-ack) == (tcp-rst|tcp-ack)'
+.fi
+.RE
+.LP
 To print all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets. (IPv6 is left as an exercise for the reader.)
--
cgit v1.2.1