This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What filter can I use to exclude TCP retransmissions?

0

Hi All,

I am using tshark to analyze data from a pcap file. I want to exclude all the TCP retransmission packets. Is there any filter to exclude them (I don't want them in my data), and with which field should I use that filter in my tshark?

Any help would be highly appreciated.

Thank you

asked 19 Apr '17, 12:50

sreenu19

converted to question 20 Apr '17, 00:30

grahamb ♦

Your "answer" has been converted to a question as that's how this site works. Please read the FAQ for more information.

(20 Apr '17, 00:31) grahamb ♦

One Answer:

0

First you need to ensure that the TCP preference Analyze TCP sequence numbers is enabled.

Then you can find TCP retransmissions using the field tcp.analysis.retransmission. Obviously, to filter them out, use !tcp.analysis.retransmission.

You may also be interested in the TCP preference Do not call subdissectors for error packets: when enabled, upper-level protocol dissectors (like HTTP) aren't called for TCP retransmissions (and other "errors").

answered 20 Apr '17, 06:26

JeffMorriss ♦
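The steps in the answer above, written as tshark invocations. This is an added example, not part of the original answer. It assumes tcp.analyze_sequence_numbers is the command-line name of the "Analyze TCP sequence numbers" preference; the function names, capture file names and the optional extra filter are placeholders.

```shell
#!/bin/sh
# Added example; function names and file names are placeholders.

# Command-line form of the "Analyze TCP sequence numbers" preference.
# Without it the tcp.analysis.* fields are not populated, so the
# exclusion filter below would silently drop nothing.
SEQ_PREF='tcp.analyze_sequence_numbers:TRUE'
RETRANS='tcp.analysis.retransmission'

# Build the display filter: exclude retransmissions, optionally ANDed
# with a caller-supplied filter such as "tcp.port == 443".
build_filter() {
    if [ -n "${1:-}" ]; then
        printf '!%s && (%s)' "$RETRANS" "$1"
    else
        printf '!%s' "$RETRANS"
    fi
}

# Count the packets tshark flags as retransmissions in capture $1.
# Run this first to confirm the analysis is active on your capture.
count_retrans() {
    tshark -r "$1" -o "$SEQ_PREF" -Y "$RETRANS" \
        -T fields -e frame.number | wc -l
}

# Write capture $1 to $2 without retransmissions.
# $3 is an optional extra display filter.
strip_retrans() {
    tshark -r "$1" -o "$SEQ_PREF" \
        -Y "$(build_filter "${3:-}")" -w "$2"
}

# Usage (not executed here):
#   count_retrans capture.pcap
#   strip_retrans capture.pcap clean.pcap
#   strip_retrans capture.pcap clean443.pcap 'tcp.port == 443'
```

The filter goes in `-Y` (display filter); `-e` only selects which fields are printed and does not exclude packets.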