How to filter out TCP ACKs?

0	Hi, How is it possible that I filter out (remove) the packets that are only TCP ACKs in a capture? I want to use it in tshark. filter capture-filter packet-capture tcp tshark asked 02 Jun '15, 04:10 aby_mcs 6●1●1●3 accept rate: 0% edited 02 Jun '15, 04:10

One Answer:

active answers oldest answers newest answers popular answers

Yes. The filter is "tcp.flags.ack==0". But that will leave you with anything that isn't TCP plus a couple of SYN packets (if at all). Because even data packets will have the ACK flag set.

If you want to remove all packets that contain no data and just acknowledge data coming from the other side, use "tcp and not tcp.len==0", to filter away everything that isn't TCP or has no TCP payload.

permanent link

answered 02 Jun '15, 04:21

Jasper ♦♦
23.8k●5●51●284
accept rate: 18%

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

tshark ×832
tcp ×752
filter ×349
capture-filter ×184
packet-capture ×61

question asked: 02 Jun '15, 04:10

question was seen: 33,603 times

last updated: 02 Jun '15, 04:21

How to filter out TCP ACKs?

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions