My objective is to obtain in a unique capture the sendt tcp packets from a source host, NOT including the retransmitted packets. Is it possible to not include in the packet the retransmitted packets? I'm using libpcap but any help with wireshark/tshark/snort could be useful (because they use libpcap library)
0
votes
1 Answers
1
votes
From Wiresharks Documentation try the following:
not tcp.analysis.duplicate_ack and not tcp.analysis.retransmission
