I am using libpcap to capture packet with the following filter:
"tcp[tcpflags] & (tcp-syn) != 0 and not net 127.0.0.1"
But I actually want to get the packet only if the sender is the client (SYN-SENT).
Basically what I am trying to do is to get inform only for new connection and not multiple time for every connection.
Is there a way to do that?
If you only want the SYN from the client but not the SYN+ACK from the server use:
tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn