Ask Your Question
0

Can I filter out ack responses to packets otherwise filetered out?

asked 2018-02-22 16:21:34 +0000

drevicko gravatar image

So, I've filtered out a bunch of packets by writing some clever rule. I still see all the TCP Ack packets that were responses to the packets I don't want to see. Is there a way to hide those also, but without hiding ALL ack packets? I'd like to see the ack packets of the remaining (interesting) non-ack packets.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-02-22 16:28:44 +0000

grahamb gravatar image

Not by a filter. A filter is basically a pass\fail for each individual packet to be displayed, it can't associate info between packets.

You might be able to cobble something together from the command line by inverting the filter to output the packets that are dropped and noting the tcp sequence numbers of those packets and then creating a filter for ACKs to those sequence numbers.

If you're only looking at higher layers in the stack you can drop all the tcp only packets by including a filter for the higher protocol, e.g. "http".

edit flag offensive delete link more

Comments

Thought as much - asked here so others can find it if they want the same thing (: Thanks for the clarification! :)

drevicko gravatar imagedrevicko ( 2018-02-23 16:17:46 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-02-22 16:21:34 +0000

Seen: 2,508 times

Last updated: Feb 22 '18