A TCP connection has flags that are used to indidcate a connection’s state. The connection’s state allows you to troubleshoot problems and let’s you know how to handle a connection. Two of the more commonly used flags for this purpose are the “PSH” and ACK” flags.

SYN and Ack Flags

SYN (Synchronization)

SYN is used in the first step to establishing the connection and in a three-way handshake between hosts. The sender and receiver of the first packet have the SYN flag set, and it will synchronize the sequence number.

Summary: SYN flag indicates packets that are ready to initiate a connection.

ACK (Acknowledgement)

The ACK (Acknowledgement) flag acknowledges packets retrieved by the host. The ACK flag gets set if the acknowledgment number field contains a valid acknowledgment number.Once the data packets have been recieved, ACK will also confirm the initiation request and tear down requests.

Summary: The ACK flag is used to indicate that the data packets have been recieved.

Notes Related to Syn and Ack:

Syn Ack Handshake

Synchronization and Acknowledgement flags are used together in a three-way handshake and together can establish a reliable connection. Both these two sides synchronize and acknowledge each other.

DOS Attack Syn Ack Scan

You’ve probably heard of the dredded DDOS attack, where an entire machine or network is intentionally attacked in an attempt to shut it down. This is often done by attacking a website’s routers and switches and is carried out by attacking with SYN ACK packets.

Fin, RSY, PSH, and URG Flags

Fin (Finish)

The Fin (Finish) flag requests the termination of a connection. Connections are terminated when there is no more data to be transferred from the sender. Subsequently, this is the final flag to be sent from the sender. Once the connection is terminated with the Fin flag, all reserved resources are freed.

Summary: The Fin flag is used to indicate the sender has finished sending data. It’s normal that after each connection is terminated without issues for each TCP peer to send a finish flag.

RST (Reset)

Unlike the Fin flag, RST (Reset) is used to terminate a connection, not after there is no more data to be sent but rather if the sender feels there is a problem and wants to intervene. When the RST flag is activated, all other data in the connection is lost, and the receiver is only notified about the reset. The reset can be activated from the receiver if the receiver is sent a packet they weren’t expecting, et cetera.

Summary: The Reset flag is used for quickly aborting connections and is useful for troubleshooting errors and mistakes.

PSH (Push)

The Transport layer waits for the application layer to send enough data equal to the maximum segment size which leads to the number of packets transmitted on the network minimizing. If no minimizing were to occur, it can disrupt some applications. The transport layer also buffers packets before sending them to the application layer. This is the problem the PSH (Push) flag solves. When PSH is set on the transport layer, the segment is sent to the network layer when a single is received from the application layer. The Reciever transport layer then forwards the data to the application layer without needing to buffer them.

Summary: The PSH flag is used during data transfer and indicates that the data in the TCP buffer should be passed through the application layer.

URG (Urgent)

The URG (Urgent) flag can be sent through the application layer immediately and before data that was already planned to be sent through the application layer. The point of the URG flag is to let the receiver know to process the Urgent packets before all other packets. The receiver is notified when all urgent data is received.

Summary: The URG flag is used during data transfer and indicates that there is urgent data being sent.