| Field/ Property | Description | Example |
| TCP.Port | Filters on the Source or Destination port. Used to find traffic based on port, which is often associated with an application. | TCP.Port==80 |
| TCP.Flags.Reset | Can test and see if the reset flag is set. | TCP.Flags.Reset==1 |
| TCP.Window | Window Size of the current TCP frame, but ignoring the scale factor. See Property.TCPWindowSize below. | TCP.Window == 0 |
| TCPRetransmit | A property that is set when a TCP retransmit is found. Retransmits indicate a network infrastructure problem and network congestion. | Property.TCPRetransmit == 1 |
| TCPPayloadLength | Represents the TCP Payload Size. | TCPPayloadLength == 0 |
| TCPCheckSumStatus | This is a string that represents if the checksum is valid or not. This could be “Good” or “Bad”. | TCPCheckSumStatus != “Good” |
| TCPDescription | A property to show the TCP Description for the current frame as opposed to the top most protocol description. This is useful as a frame summary column. You can also use it to search for specific retransmitted frames by searching for the text in the TCP summary, as the example shows. | TCPDescription.Contains(“#472”) |
| TCPAckNumber | The current frame’s Acknowledgement Number | TCPAckNumber==1234 |
| TCPSeqNumber | The current frame’s Sequence Number | TCPSeqNumber==1234 |
| TCPSeqeunceRange | The TCP Sequence range, as a string, which is the current seq number to the current seq plus the length of the TCP payload. | TCPSequenceRange.Contains(“1234”) |
| TCPShortAckNumber | A WORD representation of the Ack number to make it easy to compare and remember. | TCPShortAckNumber==1000 |
| TCPShortSeqNumber | A WORD representation of the Seq number to make it easy to compare and remember. | TCPShortSeqNumber==1000 |
| TCPFlags | A string representation of the various TCP flags for the frame: CWR, ECE, Urgent, Ack, Push, Reset, Syn, Fin. | TCPFlags.Contains(“R”) |
| TCPWindowSize | The Window Size for the current frame, including the scaling factor if the 3-way handshake is available in the same trace. | TCPWindowSize==0 |
