diff --git a/pcap/macos_tcp_flags.pcap b/pcap/macos_tcp_flags.pcap
new file mode 100644
index 0000000..90ae495
Binary files /dev/null and b/pcap/macos_tcp_flags.pcap differ
diff --git a/rust/CHANGELOG.md b/rust/CHANGELOG.md
index 377006c..9e78763 100644
--- a/rust/CHANGELOG.md
+++ b/rust/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.15.2] - 2023-11-09
+
+### Fixed
+
+- Ignore extraneous TCP flags when choosing packets for JA4L calculation (#22).
+
 ## [0.15.1] - 2023-10-12
 ### Fixed
@@ -25,7 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add Rust sources of `ja4` and `ja4x` CLI tools.
-[unreleased]: https://github.com/FoxIO-LLC/ja4/compare/v0.15.1...HEAD
+[unreleased]: https://github.com/FoxIO-LLC/ja4/compare/v0.15.2...HEAD
+[0.15.2]: https://github.com/FoxIO-LLC/ja4/compare/v0.15.1...v0.15.2
 [0.15.1]: https://github.com/FoxIO-LLC/ja4/compare/v0.15.0...v0.15.1
 [0.15.0]: https://github.com/FoxIO-LLC/ja4/compare/v0.14.0...v0.15.0
 [0.14.0]: https://github.com/FoxIO-LLC/ja4/releases/tag/v0.14.0
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 7cdef65..f83069b 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -531,7 +531,7 @@ checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
 [[package]]
 name = "ja4"
-version = "0.15.1"
+version = "0.15.2"
 dependencies = [
 "clap",
 "color-eyre",
@@ -559,7 +559,7 @@ dependencies = [
 [[package]]
 name = "ja4x"
-version = "0.15.1"
+version = "0.15.2"
 dependencies = [
 "clap",
 "color-eyre",
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
index 8961c10..fa4659e 100644
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -3,7 +3,7 @@ members = ["ja4", "ja4x"]
 resolver = "2"
 [workspace.package]
-version = "0.15.1"
+version = "0.15.2"
 license = "LicenseRef-FoxIO-Proprietary"
 repository = "https://github.com/FoxIO-LLC/ja4"
diff --git a/rust/ja4/src/snapshots/ja4__insta@macos_tcp_flags.pcap.snap b/rust/ja4/src/snapshots/ja4__insta@macos_tcp_flags.pcap.snap
new file mode 100644
index 0000000..825abe4
--- /dev/null
+++ b/rust/ja4/src/snapshots/ja4__insta@macos_tcp_flags.pcap.snap
@@ -0,0 +1,16 @@
+---
+source: ja4/src/lib.rs
+expression: output
+---
+- stream: 0
+ transport: tcp
+ src: 172.16.5.16
+ dst: 172.67.24.71
+ src_port: 61311
+ dst_port: 443
+ tls_server_name: venarisecurity.com
+ ja4: t13d2613h2_2802a3db6c62_845d286b0d67
+ ja4s: t130200_1301_234ea6891581
+ ja4l_c: 62_64
+ ja4l_s: 17255_63
+
diff --git a/rust/ja4/src/stream.rs b/rust/ja4/src/stream.rs
index 1b4bc0f..ec67373 100644
--- a/rust/ja4/src/stream.rs
+++ b/rust/ja4/src/stream.rs
@@ -12,7 +12,7 @@ use crate::{
 conf::Conf,
 http,
 ssh,
 time::{self, TcpTimestamps, Timestamps, UdpTimestamps},
- tls, FormatFlags, Packet, PacketNum, Proto, Result,
+ tls, FormatFlags, Packet, Proto, Result,
 };
@@ -375,17 +375,3 @@ impl StreamId2<'_> {
 }
 }
 }
-
-/// A fingerprint that was obtained from a single packet.
-///
-/// `PacketFingerprint` can represent JA4 (TLS client), JA4S (TLS server), or
-/// JA4H (HTTP client) fingerprint. Other types of fingerprints are derived from
-/// multiple packets.
-#[derive(Debug, Serialize)]
-// HACK: Use a configuration parameter to enable serialization of packet numbers.
-#[cfg_attr(not(debug_assertions), serde(transparent))]
-struct PacketFingerprint {
- #[cfg_attr(not(debug_assertions), serde(skip_serializing), allow(dead_code))]
- packet: PacketNum,
- fp: String,
-}
diff --git a/rust/ja4/src/time.rs b/rust/ja4/src/time.rs
index 4987bfc..df70e31 100644
--- a/rust/ja4/src/time.rs
+++ b/rust/ja4/src/time.rs
@@ -32,7 +32,6 @@ pub(crate) trait Timestamps: Default {
 #[derive(Debug)]
 pub(crate) struct PacketTimestamp {
- #[cfg_attr(not(debug_assertions), allow(dead_code))]
 #[allow(dead_code)]
 packet: PacketNum,
 pub(crate) timestamp: i64,
diff --git a/rust/ja4/src/time/tcp.rs b/rust/ja4/src/time/tcp.rs
index 9dcfc7d..5f8d908 100644
--- a/rust/ja4/src/time/tcp.rs
+++ b/rust/ja4/src/time/tcp.rs
@@ -207,10 +207,12 @@ impl Timestamp {
 let t = || PacketTimestamp::new(pkt);
- Ok(match tcp.first("tcp.flags")? {
- "0x0002" => Some(Self::Syn((t()?, Ttl::new(pkt)?))),
- "0x0012" => Some(Self::SynAck((t()?, Ttl::new(pkt)?))),
- "0x0010" => Some(Self::Ack(t()?)),
+ let ack = tcp.first("tcp.flags.ack")?;
+ let syn = tcp.first("tcp.flags.syn")?;
+ Ok(match (syn, ack) {
+ ("1", "0") => Some(Self::Syn((t()?, Ttl::new(pkt)?))),
+ ("1", "1") => Some(Self::SynAck((t()?, Ttl::new(pkt)?))),
+ ("0", "1") => Some(Self::Ack(t()?)),
 _ => None,
 })
 }
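Review bot: The new `("0", "1")` arm accepts every non-SYN segment that carries ACK — PSH|ACK data, FIN|ACK and RST|ACK — as `Self::Ack`, where the old `"0x0010"` arm matched only a bare ACK; the SYN arms are widened the same way, which is the intended fix for ECE/CWR-marked SYNs but also lets a SYN|RST or SYN|FIN oddity through. Whether that shifts the JA4L timings depends on how the caller picks the handshake ACK out of the stream, which is outside this hunk (the enclosing function in `impl Timestamp` begins above it), so at minimum the widening deserves a comment such as `// Only SYN and ACK are consulted; ECN (ECE/CWR), PSH and FIN are deliberately ignored (#22).` If the dissector exposes it the same way as the two fields already read, adding `let rst = tcp.first("tcp.flags.reset")?;` and matching on `(syn, ack, rst)` with `("0", "1", "0") => Some(Self::Ack(t()?))` would keep resets from being taken as handshake timing without reintroducing the exact-value comparison. The literal `"1"`/`"0"` comparison also ties the code to one tshark boolean rendering, and the `_ => None` arm would silently yield no JA4L at all if that rendering ever changed, so the new macos_tcp_flags.pcap snapshot is the only thing guarding it — worth keeping it in CI.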