How to filter those TCP packets on Wireshark/Ethereal?

4

1

Packets that I want to see (just samples, there are thousands of them):

314 2.280146    192.168.0.1 192.168.0.2 TCP ah-esp-encap > 11188 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=121
316 2.290003    192.168.0.2 192.168.0.1 TCP 11188 > ah-esp-encap [PSH, ACK] Seq=1 Ack=122 Win=5840 Len=98

Packets that I want to be filtered out:

311 2.279182    192.168.0.1 192.168.0.2 TCP ah-esp-encap > 11188 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
312 2.279404    192.168.0.2 192.168.0.1 TCP 11188 > ah-esp-encap [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
312 2.279404    192.168.0.2 192.168.0.1 TCP 11188 > ah-esp-encap [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
312 2.279404    192.168.0.2 192.168.0.1 TCP 11188 > ah-esp-encap [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

How to write that filter? I think the main difference between them is that I want only the PSH packets, and I want to exclude the SYN packets. I looked at the reference but I don't understand it yet.

Jader Dias

Posted 2009-11-23T15:39:13.603

Reputation: 13 660

Answers

6

I found the answer:

tcp.flags.push == 1

Jader Dias

Posted 2009-11-23T15:39:13.603

Reputation: 13 660

And why did it work? – Chris – 2015-04-01T21:19:05.937
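
Added example, not part of the original answer or comments: the filter tcp.flags.push == 1 tests the PSH bit (0x08) of the TCP flags field, which is set on the two wanted packets and clear on SYN and SYN, ACK. The sketch below applies the same bit test to constructed segments modelled on the packets in the question, and also shows a data segment without PSH (constructed, not from the question) that the PSH filter would miss and a payload-length test (tcp.len > 0) would keep. Function names are hypothetical, and 2070 is assumed as the port Wireshark displays as ah-esp-encap.

```python
import struct

# Flag bits in the TCP header; PSH is 0x08, SYN is 0x02.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_segment(sport, dport, seq, ack, flags, window, payload_len=0):
    """Constructed TCP segment: 20-byte header without options, then payload."""
    offset_flags = (5 << 12) | flags          # data offset 5 words + flag bits
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         offset_flags, window, 0, 0)   # checksum, urgent = 0
    return header + b"\x00" * payload_len

def parse_segment(segment):
    """Extract the flag bits and payload length from raw TCP bytes."""
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (offset_flags >> 12) * 4
    return {"flags": offset_flags & 0x01FF, "len": len(segment) - header_len}

def push_set(segment):
    """Same test as the display filter tcp.flags.push == 1."""
    return bool(parse_segment(segment)["flags"] & PSH)

def has_payload(segment):
    """Same test as the display filter tcp.len > 0."""
    return parse_segment(segment)["len"] > 0

# Constructed samples modelled on the packets in the question
# (MSS options on the SYN packets are omitted for brevity).
# 2070 is assumed to be the port Wireshark displays as ah-esp-encap.
SAMPLES = {
    "311 SYN":     build_segment(2070, 11188, 0, 0, SYN, 65535),
    "312 SYN,ACK": build_segment(11188, 2070, 0, 1, SYN | ACK, 5840),
    "314 PSH,ACK": build_segment(2070, 11188, 1, 1, PSH | ACK, 65535, 121),
    "316 PSH,ACK": build_segment(11188, 2070, 1, 122, PSH | ACK, 5840, 98),
    # Not from the question: a data segment sent without PSH.
    "x ACK+data":  build_segment(2070, 11188, 122, 99, ACK, 65535, 50),
}

def select(predicate):
    """Names of the sample segments that pass the given filter predicate."""
    return [name for name, seg in SAMPLES.items() if predicate(seg)]

if __name__ == "__main__":
    print("tcp.flags.push == 1 ->", select(push_set))
    print("tcp.len > 0         ->", select(has_payload))
```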