This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP packets

0

What should I type in filter if I want to see TCP packets and TCP SIN packets that I have sent?

asked 19 Feb '11, 23:39

baran's gravatar image

baran
1334
accept rate: 0%

One Answer:

1

For seeing only TCP packets, you can use the filter "tcp" which can be used both as a capture filter and as a display filter.

If you only want to see TCP SYN packets, you can use the display filter "tcp.flags.syn==1" and the capture filter "tcp[13]&2=2".

If you want to limit it even further to only the SYN packets that you are sending, you can and an IP filter and get "tcp.flags.syn==1 and ip.src==<YOUR_IP>" (display) and "tcp[13]&2=2 and src host <YOUR_IP>".

answered 20 Feb '11, 00:40

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

I do thank U for answering me.

(20 Feb '11, 00:58) baran

How can I see TCP packets that I am sending them?not all TCP packets.

(22 Feb '11, 09:55) baran

See my answer above in which I use a filter to select only packets which have your IP address as the source.

(22 Feb '11, 10:02) SYN-bit ♦♦