Current logic as documented on https://fastnetmon.com/docs-fnm-advanced/fastnetmon-threshold-types/ matches all combinations of TCP flags when SYN flag set.

It will be increase when only SYN, SYN+ACK, SYN+ACK+PSH flags are set which is counter intuitive and need to be addressed.

It may affected configured threshold values and we need to be careful with this change.

As current workaround flexible thresholds can be used as they match only exactly mentioned flag: https://fastnetmon.com/docs-fnm-advanced/flexible-thresholds/