On Aug 17, 2006, at 6:41 AM, Erik P Vinther wrote:
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx
.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Thus, I'm redirecting this to the Wireshark list.
Can i define a pure HTTP capture filer (excluding the tpc)?
What do you mean "excluding the tpc"?
If you mean "excluding the TCP", what does that mean? Do you mean
"how do I define a capture filter that captures packets with HTTP
traffic but doesn't capture ACK-only packets?" (HTTP runs over TCP,
with some rare exceptions, so literally "excluding the TCP" would
exclude HTTP as well.)
For TCP over IPv4, see
http://www.tcpdump.org/lists/workers/2005/11/msg00027.html
for an example of a filter that will capture only TCP packets with
data (i.e., no ACK-only packets).