Using TCP as a filter does not do that as it still shows TLS and few other protocols. I just want to show someone the 3-way handshake process packets without anything else asked 19 May '15, 04:34  matka |
One Answer:
Do you need a capture filter, or will a display filter work for you? It's hard (if not impossible) to capture the third packet of the three way handshake with a filter, because you need TCP session tracking to determine which ACK is the third packet of a handshake. A display filter can do it with a little trick though. If you can live with display filtering, take a look at this blog post: https://blog.packet-foo.com/2015/03/advanced-display-filtering/ answered 19 May '15, 05:59  Jasper ♦♦ |
See also: https://ask.wireshark.org/questions/15057/how-to-capture-tcp-3-way-handshake