Is it possible to not include retransmitted packets from a libpcap capture?

Question

My objective is to obtain in a unique capture the sendt tcp packets from a source host, NOT including the retransmitted packets. Is it possible to not include in the packet the retransmitted packets? I'm using libpcap but any help with wireshark/tshark/snort could be useful (because they use libpcap library)

check the "discussion" part here http://wiki.wireshark.org/DuplicatePackets (wireshark filter) — TheNewOne, Jul 26 '13 at 13:59
possible duplicate of [Detecting forwarded packet with libpcap](http://stackoverflow.com/questions/17813116/detecting-forwarded-packet-with-libpcap) — jman, Aug 07 '13 at 01:02

score 1 · Accepted Answer · answered Aug 02 '13 at 14:08

1

From Wiresharks Documentation try the following:

 not tcp.analysis.duplicate_ack and not tcp.analysis.retransmission

answered Aug 02 '13 at 14:08

Nicholas Blasgen

772
7
13

Is it possible to not include retransmitted packets from a libpcap capture?

1 Answers1