Hi

I have written a custom protocol realtime sniffer & decoder.

I read the RFC, and I understand this about TCP flags:
ACK PUSH    the packet contains data
ACK         the packet is a confirmation
other        depending on the flags

If I want to speed up the sniffer and minimize the size of the WinPcap dump file,
can I discard TCP packets with
TCP flags = ACK
?


Is it a good idea?


Is this a correct BPF filter expression built on this idea?

multicast or icmp or (port 80 && (tcpflags!=tcp-ack))


ciao, Massimo



==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/

==================================================================
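
Added example, not part of the original post: a self-contained C check of what a flags-only test discards compared with a payload-length test, run over constructed IPv4/TCP headers. A TCP segment may carry data with ACK set and PSH clear, so the flag byte (TCP offset 13) alone does not tell whether a packet is an empty acknowledgement. All function names are hypothetical, and the buffers are assumed to start at the IPv4 header (no link-layer header).

```c
#include <stdint.h>
#include <stdio.h>

#define TH_ACK 0x10
#define TH_PSH 0x08

/* TCP payload bytes in an IPv4 packet (no link header); -1 if not parseable. */
int tcp_payload_len(const uint8_t *ip, size_t caplen) {
    if (caplen < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* IP header length */
    size_t total = ((size_t)ip[2] << 8) | ip[3];      /* IP total length */
    if (ihl < 20 || caplen < ihl + 20 || total > caplen) return -1;
    size_t doff = (size_t)(ip[ihl + 12] >> 4) * 4;    /* TCP header length */
    if (doff < 20 || ihl + doff > total) return -1;
    return (int)(total - ihl - doff);
}

/* Flags-only test: keep unless the TCP flag byte (offset 13) is exactly ACK. */
int keep_by_flags(const uint8_t *ip) {
    return ip[(ip[0] & 0x0f) * 4 + 13] != TH_ACK;
}

/* Length-based alternative: keep only segments that carry payload. */
int keep_by_payload(const uint8_t *ip, size_t caplen) {
    return tcp_payload_len(ip, caplen) > 0;
}

/* Constructed sample: IPv4 + TCP headers (no options), given flags, n payload bytes. */
size_t build_segment(uint8_t *buf, uint8_t flags, size_t n) {
    size_t total = 40 + n, i;
    for (i = 0; i < total; i++) buf[i] = 0;
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = 6;            /* protocol = TCP */
    buf[32] = 0x50;        /* TCP data offset = 5 words */
    buf[33] = flags;       /* TCP flag byte */
    for (i = 0; i < n; i++) buf[40 + i] = 'A';
    return total;
}

int main(void) {
    uint8_t pkt[64];
    uint8_t cases[3][2] = { {TH_ACK, 0}, {TH_ACK, 4}, {TH_ACK | TH_PSH, 4} };
    for (int i = 0; i < 3; i++) {
        size_t len = build_segment(pkt, cases[i][0], cases[i][1]);
        printf("flags=0x%02x payload=%d by_flags=%d by_payload=%d\n", cases[i][0],
               tcp_payload_len(pkt, len), keep_by_flags(pkt), keep_by_payload(pkt, len));
    }
    return 0;
}
```

The second constructed case (ACK only, 4 payload bytes) is dropped by the flags-only test and kept by the length-based one.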
