https://www.wireshark.org/docs/wsug_html/#ChCapCaptureFilterSection "Wireshark capture filters are written in libpcap filter language."
https://www.tcpdump.org/manpages/pcap-filter.7.html "The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg, tcp-ece, tcp-cwr."

To select the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host.

    tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet

On Mon, Mar 13, 2023 at 10:17 AM Eric Robinson <eric.robin...@psmnv.com> wrote:

> Is there a way to capture *only* TCP 3-way handshakes and nothing else?
> I've looked online and have not found anything. If that's not possible,
> then even capturing the initial SYN and the responding SYN/ACK would be
> enough for our purposes. We want to let WireShark run for several
> consecutive days and log all the TCP connections.
>
> -Eric
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
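Added example, not part of the original messages: a small Python model of the flag test in the filter quoted above, run over constructed TCP headers, showing which packets of a connection the mask (tcp-syn|tcp-fin) selects. The narrower tcp-syn-only mask (the filter form `tcp[tcpflags] & tcp-syn != 0`) and all header values are assumptions made for illustration.

```python
import struct

# Flag bit values behind the pcap-filter(7) names; tcp[tcpflags] is byte 13
# of the TCP header.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PUSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TCPFLAGS_OFFSET = 13


def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (no options, checksum left at 0)."""
    data_offset = 5 << 4  # header length of 5 32-bit words, reserved bits 0
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, 65535, 0, 0)


def flag_test(header, mask):
    """Model of the filter primitive: tcp[tcpflags] & mask != 0."""
    return (header[TCPFLAGS_OFFSET] & mask) != 0


def select(packets, mask):
    """Return the labels of the packets the flag test would capture."""
    return [label for label, hdr in packets if flag_test(hdr, mask)]


# Constructed sample conversation (ports and sequence numbers are made up).
CONVERSATION = [
    ("SYN",     tcp_header(50000, 443, 1000, 0,    TCP_SYN)),
    ("SYN/ACK", tcp_header(443, 50000, 9000, 1001, TCP_SYN | TCP_ACK)),
    ("ACK",     tcp_header(50000, 443, 1001, 9001, TCP_ACK)),
    ("PSH/ACK", tcp_header(50000, 443, 1001, 9001, TCP_PUSH | TCP_ACK)),
    ("FIN/ACK", tcp_header(50000, 443, 1101, 9001, TCP_FIN | TCP_ACK)),
    ("RST",     tcp_header(443, 50000, 9001, 0,    TCP_RST)),
]

if __name__ == "__main__":
    # Mask from the quoted filter: start and end packets of each conversation.
    print(select(CONVERSATION, TCP_SYN | TCP_FIN))
    # Assumed narrower mask: only the SYN and SYN/ACK of the handshake.
    print(select(CONVERSATION, TCP_SYN))
    # The third handshake packet carries only ACK, like every later data
    # acknowledgement, so a flag test alone cannot single it out.
    print(select(CONVERSATION, TCP_ACK))
```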