tcpdump mailing list archives
filter out tcp segments with empty payload
From: Andrei Enshin via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Fri, 27 May 2022 01:01:02 +0900
--- Begin Message ---
From: Andrei Enshin <and.enshin () gmail com>
Date: Fri, 27 May 2022 01:01:02 +0900

Hi,

since a TCP segment has no length of its payload in its header, there is no easy way to filter TCP segments by payload length. How to do it is by "subtracting the combined length of the segment header and IP header from the total IP datagram length". However, the segment header as well as the IP header are not fixed.

Is there a way to filter packets by TCP payload length?

--
Best Regards,
Andrei Enshin
--- End Message ---
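The subtraction quoted in the question, carried out with both variable header lengths read from the packet itself; this is an added example, not part of the original message or of tcpdump's code. The names tcp_payload_len and build_packet and the sample packets are constructed for illustration, and the filter in the comment is the IPv4 form given in the tcpdump man page examples.

```python
import struct

# Same arithmetic as the pcap filter (IPv4 only):
#   tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)

def tcp_payload_len(pkt: bytes) -> int:
    """TCP payload length of a raw IPv4 packet (no link-layer header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4                     # ip[0]&0xf: words -> bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no TCP header")
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated before end of TCP header")
    data_off = (pkt[ihl + 12] >> 4) * 4           # (tcp[12]&0xf0)>>2
    payload = total_len - ihl - data_off
    if data_off < 20 or payload < 0:
        raise ValueError("inconsistent header lengths")
    # total_len comes from the IP header, so Ethernet padding that follows
    # a short datagram in the captured frame is not counted as payload.
    return payload

def build_packet(payload=b"", ip_opts=b"", tcp_opts=b"") -> bytes:
    """Constructed sample packet; checksums left at zero, options must be
    a multiple of 4 bytes. Addresses are from the documentation range."""
    ihl, doff = 20 + len(ip_opts), 20 + len(tcp_opts)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0,
                     ihl + doff + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1,
                      (doff // 4) << 4, 0x10, 65535, 0, 0) + tcp_opts
    return ip + tcp + payload

if __name__ == "__main__":
    ts_opt = b"\x01\x01\x08\x0a" + b"\x00" * 8    # NOP, NOP, timestamp (12 bytes)
    samples = {
        "bare ACK with TCP options": build_packet(tcp_opts=ts_opt),
        "data, IP and TCP options": build_packet(b"GET / HTTP/1.1\r\n",
                                                 ip_opts=b"\x01\x01\x01\x00",
                                                 tcp_opts=ts_opt),
    }
    for name, pkt in samples.items():
        print(f"{name}: payload = {tcp_payload_len(pkt)} bytes")
```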