The TCP flags filter matches against TCP flags contained in the standard IPFIX info element (field ID 6). Note that the flags contained in this field could be an aggregation of TCP flags contained within multiple network packets since a flow record often represents data from a collection of packets and not single network packets.

In addition to looking for particular kinds of traffic, filtering on the TCP flags might be helpful in detecting some kinds of scans or attacks.