How is it possible that I filter out (remove) the packets that are only TCP ACKs in a capture? I want to use it in tshark.
asked 02 Jun '15, 04:10
edited 02 Jun '15, 04:10
Yes. The filter is "tcp.flags.ack==0". But that will leave you with anything that isn't TCP plus a couple of SYN packets (if at all). Because even data packets will have the ACK flag set.
If you want to remove all packets that contain no data and just acknowledge data coming from the other side, use "tcp and not tcp.len==0", to filter away everything that isn't TCP or has no TCP payload.
answered 02 Jun '15, 04:21