Ask Your Question
0

Time Stamp Options enabled

asked 2022-03-18 03:40:57 +0000

tlm gravatar image

How do I Apply a filter for SYN/ ACK packets that have the Time Stamp Options enabled?

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2022-03-18 05:15:07 +0000

BigFatCat gravatar image

tcp.option_kind == 8 is the TCP time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 will show all the syn and syn/ack packets with time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 && tcp.flags.ack==0 will show only syn packets with time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 && tcp.flags.ack==1 will show only syn/ack packets with time stamp option

tcp.option_kind == 8 will show any packet with the time stamp option

edit flag offensive delete link more

Comments

Dear BigFatCat, I applied these filters and studied the packets. It looks awesome. Thank you truly for you quick and expert response! Wow! Great! Thank you!

tlm gravatar imagetlm ( 2022-03-18 06:31:13 +0000 )edit
add a comment
0

answered 2022-03-18 08:13:53 +0000

hugo.vanderkooij gravatar image

As general rule of thumb: Expand you packet. Find the field you want to filter on and use your right mouse button to add a filter. That is in general the easiest way to find good samples of filters that makes sense for your packets.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-03-18 03:40:57 +0000

Seen: 159 times

Last updated: Mar 18 '22

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2