Ethereal-dev: RE: [Ethereal-dev] Colorfilter expressions matching incorrectly

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>
Date: Mon, 11 Apr 2005 11:14:32 +0200
Hi,

> Seems like the filters are broken. See the attached file for a sample
> capture. When you add filter "ip.src==24.14.184.105 && tcp" 
> only packets
> 2 and 5 should be displayed but I also see packets 3 and 6 which has
> different source adress and aren't tcp! 

ip.src==24.14.184.105 means, for ethereal, "in this packet there is a 
source field inside an IP header that equals 24.14.184.105"; it does not
mean "the first IP header in this packet has a source field that equals
24.14.184.105". In your capture packets 3 and 6 are ICMP, and the ICMP
payload includes IP headers with those values.

As a practical tip, "ip.src==24.14.184.105 && tcp &&!icmp" should give
the results you are looking for.

Regards,

  Francisco