Time Stamp Options enabled

asked 2022-03-18 03:40:57 +0000

tlm
3 ●1 ●2 ●3

How do I Apply a filter for SYN/ ACK packets that have the Time Stamp Options enabled?

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2022-03-18 05:15:07 +0000

BigFatCat
31 ●3 ●90 ●5

tcp.option_kind == 8 is the TCP time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 will show all the syn and syn/ack packets with time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 && tcp.flags.ack==0 will show only syn packets with time stamp option.

tcp.option_kind == 8 && tcp.flags.syn==1 && tcp.flags.ack==1 will show only syn/ack packets with time stamp option

tcp.option_kind == 8 will show any packet with the time stamp option

edit flag offensive delete link

Comments

Dear BigFatCat, I applied these filters and studied the packets. It looks awesome. Thank you truly for you quick and expert response! Wow! Great! Thank you!

tlm ( 2022-03-18 06:31:13 +0000 )edit

add a comment

answered 2022-03-18 08:13:53 +0000

hugo.vanderkooij
76 ●190 ●4

As general rule of thumb: Expand you packet. Find the field you want to filter on and use your right mouse button to add a filter. That is in general the easiest way to find good samples of filters that makes sense for your packets.

edit flag offensive delete link

add a comment