URG: This flag indicates that the urgent pointer field of the TCP packet (described later) is valid. It is used to ensure that the TCP connection is not interrupted and to urge intermediate-layer devices to handle this data as soon as possible.

ACK: This flag indicates that the acknowledgment field is valid, that is, the TCP acknowledgment number mentioned earlier is included in the TCP packet. It has two values, 0 and 1: when it is 1 the acknowledgment field is valid, and when it is 0 it is not.

PSH: This flag represents the PUSH operation. A PUSH operation means that the data is handed to the application immediately after the packet reaches the receiving end, instead of waiting in the buffer.

RST: This flag indicates a connection reset request. It is used to reset connections that are in error, and also to reject erroneous and illegal packets.

SYN: This flag synchronizes sequence numbers and is used to establish connections. The SYN flag and the ACK flag are used together: in a connection request, SYN = 1 and ACK = 0; in the connection response, SYN = 1 and ACK = 1. Packets with this flag are often used for port scanning. The scanner sends a packet with only SYN set. If the other host responds with a packet, this indicates that the host has this port. However, because this scanning method performs only the first step of the TCP three-way handshake, a successful scan of this kind indicates that the scanned machine is not very secure; a secure host enforces the strict TCP three-way handshake for a connection.

FIN: This flag indicates that the sender has reached the end of its data, that is, the data transfer of both parties is complete and there is no more data to transmit. After the TCP packet with the FIN flag is sent, the connection is closed. Packets with this flag are also often used for port scanning. When a TCP packet with the FIN flag is sent to a specific port of a computer, if the computer responds to it and sends back a TCP packet, this indicates that the port is not open but that the computer exists. If the computer does not send back any packet, this indicates that the scanned computer has this port.

Note that the Jinshan Net Dart log does not report the full names of these flags, only their first letters. For example, an intercepted TCP packet containing the FIN flag is reported as a TCP packet from x.x.x.x with the flag F.

Your log may also report a TCP packet from x.x.x.x with the flag NULL. What does this mean? NULL indicates that the packet sent to you does not contain any flag. Receiving such a packet in many cases means that you are being scanned. The scanner sends a NULL packet to you; if your computer sends back a TCP packet with the FIN flag, this indicates that the port being probed does not exist on your computer, but the existence of your computer has been confirmed, so the scanner can go on to use other scanning methods for port detection. There are also some special scanning methods meant to bypass firewalls that are not strict.
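The flag letters and scan patterns described above can be checked directly on raw TCP headers. The following is an added example, not code from the original page or from Jinshan Net Dart: it renders the flag byte as first letters (or NULL) and reports sources that send NULL packets, FIN-only packets, or bare SYNs to several ports. The function names, the three-port threshold and the sample packets (documentation addresses) are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

# Flag bits in byte 13 of the TCP header, with the first-letter names a log uses.
FLAG_BITS = [("U", 0x20), ("A", 0x10), ("P", 0x08),
             ("R", 0x04), ("S", 0x02), ("F", 0x01)]

def flag_letters(tcp_header: bytes) -> str:
    """Return the set flags as letters (e.g. 'AS'), or 'NULL' if none is set."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    bits = tcp_header[13] & 0x3F
    return "".join(name for name, bit in FLAG_BITS if bits & bit) or "NULL"

def find_probes(packets, syn_port_threshold=3):
    """packets: iterable of (src_ip, raw_tcp_header) -> {src_ip: [findings]}."""
    syn_ports = defaultdict(set)
    findings = defaultdict(set)
    for src, hdr in packets:
        letters = flag_letters(hdr)
        if letters == "NULL":
            findings[src].add("NULL packet")
        elif letters == "F":
            # A FIN on a real connection also carries ACK; FIN alone is a probe.
            findings[src].add("FIN-only packet")
        elif letters == "S":
            # One bare SYN is a normal connection request; count distinct ports.
            syn_ports[src].add(struct.unpack("!H", hdr[2:4])[0])
    for src, ports in syn_ports.items():
        if len(ports) >= syn_port_threshold:  # threshold is an assumed value
            findings[src].add(f"bare SYN to {len(ports)} ports")
    return {src: sorted(found) for src, found in findings.items()}

def make_header(dport: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header for the sample data below."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic, not captured from a real network.
SAMPLE = [
    ("192.0.2.10", make_header(80, 0x02)),    # single SYN: ordinary client
    ("192.0.2.10", make_header(80, 0x11)),    # FIN+ACK: ordinary close
    ("198.51.100.7", make_header(21, 0x02)),  # bare SYNs across several ports
    ("198.51.100.7", make_header(22, 0x02)),
    ("198.51.100.7", make_header(23, 0x02)),
    ("203.0.113.5", make_header(135, 0x01)),  # FIN only
    ("203.0.113.5", make_header(139, 0x00)),  # no flags at all
]

if __name__ == "__main__":
    for src, found in find_probes(SAMPLE).items():
        print(src, "->", ", ".join(found))
```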