TCP Flags Explained – What Do TCP:RA, TCP:FA, TCP:PA, TCP:S, TCP:SEC Mean?

Tags: networking, pfsense, tcp

I'm specifically looking for a definition of what the following mean: TCP:RA, TCP:FA, TCP:PA, TCP:S, TCP:SEC

The context is that I'm looking at some pfSense logs which are showing rejected packets by the default deny rule. My understanding is that this can happen from asymmetric network traffic where perhaps a connection is closed before a packet acknowledging that fact arrives. And, from what I can tell, the messages are "harmless" and for the most part, not suppressible.

I'm trying to understand what I'm looking at. Is each one of those a 'thing'? Is it some notation of state? Is it a way of showing which flags are set? (e.g. TCP:RA is just a packet with Reset and Ack set or something)

I've been trying to hunt down the meaning of these, but am running into articles that say "nah, don't worry about it" (but don't say what 'it' is) or that the terms are so short the search engines are extrapolating I'm looking for something else highly off topic.

Best Answer

They represent the TCP flags, indeed. RFC 793, 3.1:

Control Bits: 6 bits (from left to right):

  • URG: Urgent Pointer field significant
  • ACK: Acknowledgment field significant
  • PSH: Push Function
  • RST: Reset the connection
  • SYN: Synchronize sequence numbers
  • FIN: No more data from sender

And additions:

From this we can deduce:

  • TCP:RA = RST, ACK
  • TCP:FA = FIN, ACK
  • TCP:PA = PSH, ACK
  • TCP:S = SYN
  • TCP:SEC = SYN, ECE, CWR
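The mapping above can be applied mechanically. The following is an added example, not part of the original answer: it converts between the log notation and the TCP flags byte, and labels what each blocked packet type suggests. The letter `U` for URG and the wording of the triage labels are assumptions; the triage relies on pf passing non-SYN packets only when they match an existing state entry.

```python
# Added example: decode pfSense-style TCP flag strings (e.g. "TCP:RA").
# Letter-to-bit mapping follows the answer above; "U" for URG is assumed.
FLAG_BITS = {
    "F": ("FIN", 0x01),
    "S": ("SYN", 0x02),
    "R": ("RST", 0x04),
    "P": ("PSH", 0x08),
    "A": ("ACK", 0x10),
    "U": ("URG", 0x20),  # assumption: this letter is not shown on the page
    "E": ("ECE", 0x40),
    "C": ("CWR", 0x80),
}


def decode(label):
    """Return (flag names, flags byte) for a label such as 'TCP:RA' or 'SEC'."""
    letters = label.upper().removeprefix("TCP:")
    names, byte = [], 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown flag letter {ch!r} in {label!r}")
        name, bit = FLAG_BITS[ch]
        names.append(name)
        byte |= bit
    return names, byte


def encode(byte):
    """Render a TCP flags byte (header offset 13) as flag letters, low bit first."""
    return "".join(ch for ch, (_, bit) in FLAG_BITS.items() if byte & bit)


def triage(label):
    """Classify a packet logged as blocked by the default deny rule."""
    _, byte = decode(label)
    if byte & 0x02 and not byte & 0x10:
        return "new connection attempt (SYN without ACK)"
    if byte & 0x04:
        return "reset for a connection with no matching state"
    if byte & 0x01:
        return "close (FIN) for a connection with no matching state"
    return "mid-stream segment with no matching state"


if __name__ == "__main__":
    for sample in ["TCP:RA", "TCP:FA", "TCP:PA", "TCP:S", "TCP:SEC"]:  # from the question
        names, byte = decode(sample)
        print(f"{sample:8} 0x{byte:02x} {'+'.join(names):12} {triage(sample)}")
```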