I am capturing packets using Wireshark and almost all of them contain the [ACK] flag. I don't know how to differentiate between data packets and TCP acknowledgement packets when all of them carry the [ACK] flag, so any help?
asked 03 May '15, 15:55
Every packet except the initial SYN packet has the ACK flag set. That's normal. If you're looking for packets acknowledging data without carrying data themselves just look for packets that have a TCP payload length of zero. You can filter for those by using "tcp.len==0".
answered 03 May '15, 16:12
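
The distinction described in the answer above, as an added example that is not part of the original thread: this Python sketch computes the TCP payload length (the quantity `tcp.len` reports) as IP total length minus the IP and TCP header lengths, over constructed packets. The helper names and sample packets are assumptions; it also labels SYN/FIN/RST segments separately, since they have a zero-length payload too.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_packet(flags, payload=b"", options=b""):
    """Build a constructed IPv4+TCP packet (checksums left at zero)."""
    offset = (20 + len(options)) // 4          # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, offset << 4, flags,
                      65535, 0, 0) + options
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

def tcp_payload_len(packet):
    """IP total length minus IP and TCP header lengths."""
    ihl = (packet[0] & 0x0F) * 4               # IP header length in bytes
    total_len = struct.unpack_from("!H", packet, 2)[0]
    data_offset = (packet[ihl + 12] >> 4) * 4  # TCP header length incl. options
    return total_len - ihl - data_offset

def classify(packet):
    """Label a packet as data, pure-ack, control (SYN/FIN/RST) or other."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    flags = packet[ihl + 13]
    if tcp_payload_len(packet) > 0:
        return "data"
    if flags & (SYN | FIN | RST):
        return "control"                       # zero-length, but not a plain ACK
    return "pure-ack" if flags & ACK else "other"

# Constructed sample: handshake, one request, its acknowledgement, teardown.
MSS = b"\x02\x04\x05\xb4"                      # MSS option, makes the header 24 bytes
SAMPLE = [
    build_packet(SYN, options=MSS),
    build_packet(SYN | ACK, options=MSS),
    build_packet(ACK),
    build_packet(PSH | ACK, payload=b"GET / HTTP/1.1\r\n\r\n"),
    build_packet(ACK),
    build_packet(FIN | ACK),
]

def summarize(packets):
    """Return (label, payload length) for each packet."""
    return [(classify(p), tcp_payload_len(p)) for p in packets]

if __name__ == "__main__":
    for kind, length in summarize(SAMPLE):
        print(f"{kind:9} tcp.len={length}")
```

In Wireshark the same narrowing can be done by adding `&& !tcp.flags.syn && !tcp.flags.fin && !tcp.flags.reset` to the `tcp.len==0` filter.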