jesus filters

When examining a capture of some malware trying to spread, often times it will SYN several hundred machines without getting a reply. Trolling through these can be a pain. But by using tethereal, you can make what I call "Jesus" pcaps (no SYN's). To make it complete, I also filter RST's like so:

tethereal -r infile.pcap -w outfile -R "tcp.flags.syn==0 && tcp.flags.reset==0"

