OSQA is unmaintained. Help us figure out where to go from here.

Hi All,

I am using tshark to analyze data from a pcap file, i want to exclude all the tcp retransmission packets, is there any filter to exclude them(i don't want them in my data) and with which field i should use that filter in my tshark.

Any help would be highly appreciated.

Thank you

asked 19 Apr, 12:50

sreenu19's gravatar image

sreenu19
6223
accept rate: 0%

converted to question 20 Apr, 00:30

grahamb's gravatar image

grahamb ♦
19.7k330205

Your "answer" has been converted to a question as that's how this site works. Please read the FAQ for more information.

(20 Apr, 00:31) grahamb ♦

First you need to ensure that the TCP preference Analyze TCP sequence numbers is enabled.

Then you can find TCP retransmissions using the field tcp.analysis.retransmission. Obviously to filter them out use !tcp.analysis.retransmission.

You may also be interested in the TCP preference Do not call subdissectors for error packets: when enabled upper-level protocol dissectors (like HTTP) aren't called for TCP retransmissions (and other "errors").

permanent link

answered 20 Apr, 06:26

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×750
×348
×104

question asked: 19 Apr, 12:50

question was seen: 522 times

last updated: 20 Apr, 06:26

p​o​w​e​r​e​d by O​S​Q​A