How to filter out TCP retransmissions


Hi, I'm using tshark to analyze HTTPs traffic and I don't want to capture TCP retransmissions. Is there a capture filter I can use for this?

One Answer:


IMHO it's not possible to have a capture filter to ignore retransmits. It's necessary to have the data to be able to detect a retransmit (analyse sequence numbers).

An option to ignore retransmits is using a display filter (e.g. not tcp.analysis.retransmission and not tcp.analysis.fast_retransmission).

correct, retransmissions need to be diagnosed first, so you can't filter them away during capture.

(23 Mar '17, 05:37) Jasper ♦♦