This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to filter out TCP ACKs?

0

Hi,

How is it possible that I filter out (remove) the packets that are only TCP ACKs in a capture? I want to use it in tshark.

asked 02 Jun '15, 04:10

aby_mcs's gravatar image

aby_mcs
6113
accept rate: 0%

edited 02 Jun '15, 04:10


One Answer:

3

Yes. The filter is "tcp.flags.ack==0". But that will leave you with anything that isn't TCP plus a couple of SYN packets (if at all). Because even data packets will have the ACK flag set.

If you want to remove all packets that contain no data and just acknowledge data coming from the other side, use "tcp and not tcp.len==0", to filter away everything that isn't TCP or has no TCP payload.

answered 02 Jun '15, 04:21

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%