When using a tool that displays network traffic in a more natural (raw) way, the burden of analysis is placed directly on the human rather than on the application. This approach cultivates a continued and elevated understanding of the TCP/IP suite, and for this reason I strongly advocate using tcpdump instead of other tools whenever possible.

A mnemonic for the TCP flags (in bit order, highest to lowest): Unskilled Attackers Pester Real Security Folk

Each of the filters below reads byte 13 of the TCP header, the flags byte, and masks out the single bit for the flag in question (URG=32, ACK=16, PSH=8, RST=4, SYN=2, FIN=1). A non-zero result means that flag is set, whatever else is set alongside it.

Show me all URGENT (URG) packets...
# tcpdump 'tcp[13] & 32 != 0'

Show me all ACKNOWLEDGE (ACK) packets...
# tcpdump 'tcp[13] & 16 != 0'

Show me all PUSH (PSH) packets...
# tcpdump 'tcp[13] & 8 != 0'

Show me all RESET (RST) packets...
# tcpdump 'tcp[13] & 4 != 0'

Show me all SYNCHRONIZE (SYN) packets...
# tcpdump 'tcp[13] & 2 != 0'

Show me all FINISH (FIN) packets...
# tcpdump 'tcp[13] & 1 != 0'
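To make the byte-13 mechanics concrete, here is an added example (my own code, not from the original post) that builds a few hand-constructed Ethernet/IPv4/TCP frames, locates the flags byte the same way tcpdump resolves `tcp[13]` (relative to the start of the TCP header, so an IPv4 header with options does not break it), and evaluates each of the filters above against them. The packets, addresses and ports are made up for illustration. It also shows the caveat a practitioner should keep in mind: `tcp[13] & 2 != 0` matches anything with SYN set, including SYN-ACK replies, whereas `tcp[13] == 2` matches only bare SYNs.

```python
"""
Added example (not from the original post): evaluate tcpdump-style
TCP flag filters of the form `tcp[13] & MASK != 0` against constructed
packets, to show where byte 13 lives and what each mask really matches.

Assumptions (illustrative, not from the page): raw Ethernet/IPv4/TCP
frames are built by hand below; there is no live capture. The flag bit
values are the standard TCP header layout the `tcp[13]` filters rely on.
"""
import struct

# Bit values within the TCP flags byte (offset 13 of the TCP header).
URG, ACK, PSH, RST, SYN, FIN = 32, 16, 8, 4, 2, 1
FLAG_NAMES = {URG: "URG", ACK: "ACK", PSH: "PSH", RST: "RST", SYN: "SYN", FIN: "FIN"}

ETH_LEN = 14  # Ethernet II header length


def build_frame(flags, ihl_words=5):
    """Build a minimal Ethernet/IPv4/TCP frame carrying the given TCP flags.

    Only fields that matter for locating tcp[13] are realistic; the rest are
    zero or placeholders. ihl_words > 5 emits an IPv4 header with (zeroed)
    options, to show that tcp[13] is relative to the TCP header start.
    """
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip_hdr_len = ihl_words * 4
    ver_ihl = (4 << 4) | ihl_words
    ip = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, ip_hdr_len + 20, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # made-up addresses
    ip += b"\x00" * (ip_hdr_len - 20)  # IP options padding, if any
    # TCP: sport, dport, seq, ack, data offset/reserved, flags, window, csum, urgptr
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (5 << 4), flags, 65535, 0, 0)
    return eth + ip + tcp


def tcp_flags_byte(frame):
    """Return the byte tcpdump addresses as tcp[13] for an IPv4 frame."""
    ihl_words = frame[ETH_LEN] & 0x0F          # IPv4 IHL, in 32-bit words
    tcp_start = ETH_LEN + ihl_words * 4        # TCP header follows IP header + options
    return frame[tcp_start + 13]


def matches_any(frame, mask):
    """Semantics of `tcp[13] & mask != 0`: any of the masked bits is set."""
    return (tcp_flags_byte(frame) & mask) != 0


def matches_exact(frame, value):
    """Semantics of `tcp[13] == value`: exactly these flags and no others."""
    return tcp_flags_byte(frame) == value


def flag_names(frame):
    """Human-readable flag list in byte order, e.g. ['ACK', 'SYN']."""
    b = tcp_flags_byte(frame)
    return [name for bit, name in sorted(FLAG_NAMES.items(), reverse=True) if b & bit]


# Constructed sample traffic: one frame per common flag combination.
SAMPLES = {
    "syn":     build_frame(SYN),
    "syn-ack": build_frame(SYN | ACK),
    "ack":     build_frame(ACK),
    "psh-ack": build_frame(PSH | ACK),
    "fin-ack": build_frame(FIN | ACK),
    "rst":     build_frame(RST),
    "syn-opt": build_frame(SYN, ihl_words=6),  # same SYN behind an IPv4 header with options
}

# The six filters from the post, mapped to the mask each one tests.
POST_FILTERS = {
    "tcp[13] & 32 != 0": URG,
    "tcp[13] & 16 != 0": ACK,
    "tcp[13] & 8 != 0":  PSH,
    "tcp[13] & 4 != 0":  RST,
    "tcp[13] & 2 != 0":  SYN,
    "tcp[13] & 1 != 0":  FIN,
}


def apply_filters(samples=SAMPLES):
    """For each filter from the post, list (sorted) which sample frames it matches."""
    return {expr: sorted(name for name, frame in samples.items() if matches_any(frame, mask))
            for expr, mask in POST_FILTERS.items()}


def bare_syn_only(samples=SAMPLES):
    """Frames matched by `tcp[13] == 2`, i.e. SYN with no other flag set."""
    return sorted(name for name, frame in samples.items() if matches_exact(frame, SYN))


if __name__ == "__main__":
    for expr, hits in apply_filters().items():
        print(f"{expr:20s} -> {hits}")
    print(f"{'tcp[13] == 2':20s} -> {bare_syn_only()}")
```

Running it shows `tcp[13] & 2 != 0` matching syn, syn-ack and syn-opt, while `tcp[13] == 2` matches only syn and syn-opt. If you want a scan detector that ignores the legitimate SYN-ACK half of every handshake, use the exact comparison, or tcpdump's named form `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn`, which reads the same byte.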