OSQA is unmaintained. Help us figure out where to go from here.

Hi All,

I am using tshark to analyze data from a pcap file, i want to exclude all the tcp retransmission packets, is there any filter to exclude them(i don't want them in my data) and with which field i should use that filter in my tshark.

Any help would be highly appreciated.

Thank you

asked 19 Apr, 12:50

sreenu19's gravatar image

sreenu19
62
accept rate: 0%

converted to question 20 Apr, 00:30

grahamb's gravatar image

grahamb ♦
19.1k328203

Your "answer" has been converted to a question as that's how this site works. Please read the FAQ for more information.

(20 Apr, 00:31) grahamb ♦

First you need to ensure that the TCP preference Analyze TCP sequence numbers is enabled.

Then you can find TCP retransmissions using the field tcp.analysis.retransmission. Obviously to filter them out use !tcp.analysis.retransmission.

You may also be interested in the TCP preference Do not call subdissectors for error packets: when enabled upper-level protocol dissectors (like HTTP) aren't called for TCP retransmissions (and other "errors").

link

answered 20 Apr, 06:26

JeffMorriss's gravatar image

JeffMorriss ♦
6.0k572
accept rate: 26%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×717
×336
×101

Asked: 19 Apr, 12:50

Seen: 104 times

Last updated: 20 Apr, 06:26

p​o​w​e​r​e​d by O​S​Q​A