If I want to speed up the sniffer and minimize the size of the WinPcap dump file, can I discard TCP packets with TCP flags = ACK?
Guy Harris
A more precise filter would fetch the IP total length, subtract the IP and TCP header lengths, and save only packets where the result is greater than zero:
tcp and ((ip[2:2] - (((ip[0] & 0x0f) << 2) + ((tcp[12] & 0xf0) >> 2))) > 0)
Guy, I appreciate your help.
I already calculate the TCP data length in my application code, and I need it there, so I don't put these rules inside the BPF filter.
My idea was a sort of "pre-filter" with a simple expression, but now I understand it was wrong.
Thanks, Massimo
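
The payload-length arithmetic from the filter above, as an added example that is not part of the original thread: it applies the same byte offsets to constructed IPv4/TCP packets and compares the result with a "flags == ACK" pre-filter, read here as `tcp[13] == 0x10` (an assumption about what the question meant). The helper names and sample packets are hypothetical.

```python
import struct

ACK, PSH, SYN = 0x10, 0x08, 0x02

def tcp_payload_len(pkt: bytes) -> int:
    """Same arithmetic as the filter, on a raw IPv4 packet (no link header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    total_len = struct.unpack("!H", pkt[2:4])[0]      # ip[2:2]
    ip_hlen = (pkt[0] & 0x0F) << 2                    # (ip[0] & 0x0f) << 2
    if ip_hlen < 20 or len(pkt) < ip_hlen + 20:
        raise ValueError("truncated or malformed header")
    tcp_hlen = (pkt[ip_hlen + 12] & 0xF0) >> 2        # (tcp[12] & 0xf0) >> 2
    return total_len - ip_hlen - tcp_hlen

def tcp_flags(pkt: bytes) -> int:
    return pkt[((pkt[0] & 0x0F) << 2) + 13]           # tcp[13]

def build(flags: int, payload: bytes = b"", opts: bytes = b"") -> bytes:
    """Constructed sample packet; checksums left at zero, TEST-NET-1 addresses."""
    tcp_hlen = 20 + len(opts)                         # opts must be a multiple of 4 bytes
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1,
                      (tcp_hlen // 4) << 4, flags, 8192, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_hlen + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

# Constructed samples, not captured traffic.
SAMPLES = {
    "syn": build(SYN, opts=b"\x02\x04\x05\xb4"),
    "pure_ack": build(ACK),
    "ack_with_data": build(ACK, b"x" * 100, opts=b"\x01" * 12),
    "psh_ack_with_data": build(PSH | ACK, b"GET / HTTP/1.0\r\n\r\n"),
}

def compare(samples):
    """Per packet: (dropped by the 'flags == ACK' pre-filter, payload length)."""
    return {name: (tcp_flags(p) == ACK, tcp_payload_len(p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (dropped, n) in compare(SAMPLES).items():
        print(f"{name:18} flags==ACK: {dropped!s:5} payload bytes: {n}")
```

The `ack_with_data` sample is the case that separates the two approaches: its only flag is ACK, yet it carries 100 bytes, so a flags-based pre-filter would drop data that the length-based filter keeps.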
This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/
