I have the following:
tcpdump -i eth0 -n tcp port 5000
to filter every packet flowing between 2 hosts. However, one of the hosts always sends an ACK.
How do I hide this ACK?
tcpdump -i eth0 -n 'tcp port 5000 and (tcp[tcpflags] & tcp-ack == 0)'
should do what you want. It does a bitwise AND between the TCP flags and an ACK-only bitmask, so if there's no ACK, the result should equal zero.
You can hide it by piping the command to grep:
tcpdump -i eth0 -n tcp port 5000 | grep -e ACK -v
The -e option is to select a pattern (ACK in your case).
The -v option is to invert the grep function: grep all except the defined pattern.
I copied this straight from the filter examples in man tcpdump:
To print all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets. (IPv6 is left as an exercise for the reader.)
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
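An added example, not taken from any of the answers: the Python below reproduces the byte arithmetic of the two BPF expressions quoted above (the tcp-ack flag test and the man page payload-length test) and applies both to constructed IPv4/TCP segments, so you can see which segments each filter keeps. The packet builder, the 10.0.0.x addresses and source port 40000 are assumptions made up for the illustration.

```python
import struct

TCP_ACK = 0x10  # numeric value of tcp-ack in pcap filter syntax

def build_packet(flags, payload=b"", ihl=5, doff=5):
    """Constructed IPv4+TCP packet; checksums are left at zero."""
    total = ihl * 4 + doff * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip += b"\x00" * (ihl * 4 - 20)    # IP options, if any
    tcp = struct.pack("!HHIIBBHHH", 40000, 5000, 1, 1, doff << 4, flags,
                      1024, 0, 0)
    tcp += b"\x01" * (doff * 4 - 20)  # TCP options, if any (NOPs)
    return ip + tcp + payload

def no_ack_flag(pkt):
    """tcp[tcpflags] & tcp-ack == 0"""
    ip_hlen = (pkt[0] & 0x0F) << 2    # tcp[] offsets start after the IP header
    return (pkt[ip_hlen + 13] & TCP_ACK) == 0

def has_payload(pkt):
    """((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0"""
    ip_total = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2], total length
    ip_hlen = (pkt[0] & 0x0F) << 2                # IHL in 32-bit words -> bytes
    tcp_hlen = (pkt[ip_hlen + 12] & 0xF0) >> 2    # data offset -> bytes
    return ip_total - ip_hlen - tcp_hlen != 0

# Constructed segments of one connection to port 5000.
SEGMENTS = {
    "SYN": build_packet(0x02, doff=10),
    "SYN+ACK": build_packet(0x12, doff=10),
    "ACK only": build_packet(0x10),
    "PSH+ACK data": build_packet(0x18, b"hello", ihl=6),
    "FIN+ACK": build_packet(0x11),
}

def shown():
    """Map each segment to (kept by flag filter, kept by payload filter)."""
    return {n: (no_ack_flag(p), has_payload(p)) for n, p in SEGMENTS.items()}

if __name__ == "__main__":
    for name, (flag, data) in shown().items():
        print(f"{name:13} no-ACK filter: {flag!s:5}  payload filter: {data}")
```

On these constructed segments the flag test keeps only the initial SYN, while the length test keeps only the segment that carries data.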