tcpdump mailing list archives

filter out tcp segments with empty payload


From: Andrei Enshin via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Fri, 27 May 2022 01:01:02 +0900

--- Begin Message ---
From: Andrei Enshin <and.enshin () gmail com>
Date: Fri, 27 May 2022 01:01:02 +0900
Hi,

Since a TCP segment has no length of its payload in its header, there
is no easy way to filter TCP segments by payload length.

How to do it is by "subtracting the combined length of the segment
header and IP header from the total IP datagram length".

However, the segment header as well as the IP header are not fixed.

Is there a way to filter packets by TCP payload length?

-- 
Best Regards,
Andrei Enshin

--- End Message ---
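
The subtraction quoted in the message above, carried out with the IPv4 header length (IHL) and the TCP data offset read from each packet rather than assumed fixed. This is an added example, not part of the original post; the function names and the sample packets are constructed for illustration, and the comment shows the equivalent IPv4-only capture filter from the tcpdump man page examples.

```python
import struct

# Equivalent pcap-filter expression (IPv4 only), from the tcpdump man page:
#   tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)

def tcp_payload_len(ip_packet: bytes) -> int:
    """TCP payload length of a raw IPv4 packet (no link-layer header)."""
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    if ip_packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip_packet[0] & 0x0F) << 2                    # ip[0]&0xf, in bytes
    total_len = struct.unpack("!H", ip_packet[2:4])[0]  # ip[2:2]
    if ip_packet[9] != 6:
        raise ValueError("not TCP")
    if ihl < 20 or len(ip_packet) < ihl + 20:
        raise ValueError("bad IHL or truncated TCP header")
    data_off = (ip_packet[ihl + 12] & 0xF0) >> 2        # (tcp[12]&0xf0)>>2, in bytes
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    return total_len - ihl - data_off

def with_payload(packets):
    """Keep only the packets whose TCP segment carries data."""
    return [p for p in packets if tcp_payload_len(p) != 0]

def build(ip_opts: bytes, tcp_opts: bytes, payload: bytes) -> bytes:
    """Constructed sample packet; checksums are zero, options are 4-byte multiples."""
    ihl_words = 5 + len(ip_opts) // 4
    off_words = 5 + len(tcp_opts) // 4
    total = (ihl_words + off_words) * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + ip_opts
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, off_words << 4, 0x10,
                      65535, 0, 0) + tcp_opts
    return ip + tcp + payload

# Constructed samples: bare ACK, ACK with 12 bytes of TCP options (NOPs),
# and a data segment behind both IP and TCP options.
SAMPLES = [
    build(b"", b"", b""),
    build(b"", b"\x01" * 12, b""),
    build(b"\x01" * 4, b"\x01" * 12, b"GET / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(len(pkt), "bytes on the wire ->", tcp_payload_len(pkt), "bytes of TCP payload")
```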