A couple of weeks ago, a reader sent in an email asking how to interpret the flags field when looking at data in a report. He didn’t understand what the “flags” referred to or what the actual flags meant. “They don’t appear related to TCP header flags like I’ve normally seen…S is the most common but I occasionally see RSA, RUS and a few others.”
Article Link: https://isc.sans.edu/diary/rss/22880