![]() ![]() This means the SYN-bit (2) and the ACK-bit (16) both needs to be set, but all other TCP flags must be unset ![]() Display filters will, by definition, show all packets that match the filter. tcp&18 = 2 means: look at offset 0xd (13 in decimal) and then take it's value and then only look at the bits for SYN (2) and ACK (16) by doing a logical AND.So if you apply a display filter for a destination IP address, it will always show you all packets that have that destination IP address. Go to Statistics > Endpoints and click on the IPv4 tab. ![]() This will show you each IP address only once. If the result is exactly 2, then capture the packet. This means, the SYN-bit (2) needs to be set, the ACK-bit (16) needs to be unset and all other bits in the TCP flags can be set or unset (as they were masked by the AND (&) operator. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |