TCP traffic SYN/ACK packets that contain window scaling options

asked 2022-03-18 23:40:44 +0000

tlm
3 ●1 ●2 ●3

Hello, in your opinion how can I filter TCP traffic SYN/ACK packets that does contain window scaling options?

Can I use !(window_size_scalefactor == -2)?

(tcp.flags.syn==1 && tcp.flags.ack==1) && !(tcp.window_size_scalefactor == -2)

Window size scaling factor: -1 (unknown, start of session not captured) Window size scaling factor: -2 (no window scaling used)

edit retag flag offensive close merge delete

Comments

Is Window Scale Kind 3? Can I filter TCP traffic SYN/ACK packets that does contain window scaling options this way?

tcp.option_kind == 3 && tcp.flags.syn==1 && tcp.flags.ack==1

tlm ( 2022-03-18 23:52:59 +0000 )edit

dfilter: Add bitwise masking of bits
When complete, you could streamline the flag check into tcp.flags & 0x012 == 0x012.
I'm not sure that's easier to read but more compact.

Chuckc ( 2022-03-22 00:44:00 +0000 )edit

@Chuckctcp.flags&18==18 is even more compact! ;-) I'm looking forward to this filter functionality in the next (major) release!

SYN-bit ( 2022-03-24 07:18:40 +0000 )edit

add a comment

Comments

Chuckc, I wanted know if the options exists. Thank you for confirming that.

tlm ( 2022-03-19 02:00:21 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

TCP traffic SYN/ACK packets that contain window scaling options

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

TCP traffic SYN/ACK packets that contain window scaling options edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

TCP traffic SYN/ACK packets that contain window scaling options