Check the below link and it will answer your questions.
www.tcpdump.org/tcpdump_man.html
Its related to the TCP Flags and what type of datagram is sent [SYN, SYN/ACK, ACK, PSH, URG etc]. See how clearly its explained what you were looking for.
Do atleast minimal searches kiddo. Read RFC-793
Recall the structure of a TCP header without options:
0 15 31
| source port | destination port |
| sequence number |
| acknowledgment number |
| HL | rsvd |C|E|U|A|P|R|S|F| window size |
| TCP checksum | urgent pointer |
A TCP header usually holds 20 octets of data, unless
options are present. The first line of the graph contains
octets 0 - 3, the second line shows octets 4 - 7 etc.
Starting to count with 0, the relevant TCP control bits
are contained in octet 13:
0 7| 15| 23| 31
|
|
|
| HL | rsvd |C|E|U|A|P|R|S|F| window size |
|
|
|
| | 13th octet | | |
Let's have a closer look at octet no. 13:
| |
|
|
|7 5 3 0|
These are the TCP control bits we are interested in. We
have numbered the bits in this octet from 0 to 7, right to
left, so the PSH bit is bit number 3, while the URG bit is
number 5.
Recall that we want to capture packets with only SYN set.
Let's see what happens to octet 13 if a TCP datagram
arrives with the SYN bit set in its header:
|C|E|U|A|P|R|S|F|
|
|
|0 0 0 0 0 0 1 0|
|
|
|7 6 5 4 3 2 1 0|
Looking at the control bits section we see that only bit
number 1 (SYN) is set.
Assuming that octet number 13 is an 8-bit unsigned integer
in network byte order, the binary value of this octet is
00000010
and its decimal representation is
7 6 5 4 3 2 1 0
0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 1*2 + 0*2 = 2
We're almost done, because now we know that if only SYN is
set, the value of the 13th octet in the TCP header, when
interpreted as a 8-bit unsigned integer in network byte
order, must be exactly 2.
This relationship can be expressed as
tcp[13] == 2
