Ethereal-dev: RE: [Ethereal-dev] Colorfilter expressions matching incorrectly

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Radek Vokal <rvokal@xxxxxxxxxx>
Date: Mon, 11 Apr 2005 11:33:27 +0200
On Mon, 2005-04-11 at 11:14 +0200, Francisco Alcoba (TS/EEM) wrote:
> Hi,
> 
> > Seems like the filters are broken. See the attached file for a sample
> > capture. When you add filter "ip.src==24.14.184.105 && tcp" 
> > only packets
> > 2 and 5 should be displayed but I also see packets 3 and 6 which has
> > different source adress and aren't tcp! 
> 
> ip.src==24.14.184.105 means, for ethereal, "in this packet there is a 
> source field inside an IP header that equals 24.14.184.105"; it does not
> mean "the first IP header in this packet has a source field that equals
> 24.14.184.105". In your capture packets 3 and 6 are ICMP, and the ICMP
> payload includes IP headers with those values.
> 

Ok, thanks for explaining me this. 

> As a practical tip, "ip.src==24.14.184.105 && tcp &&!icmp" should give
> the results you are looking for.

Hmm, I'm bit confused with the behavior. Shouldn't the second param
&&tcp show ONLY tcp packets? 

> 
> Regards,
> 
>   Francisco
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
-- 
Radek Vokál     <rvokal@xxxxxxxxxx> 
OS Systems Engineer
        IT executives rate Red Hat #1 for value
        http://www.redhat.com/promo/vendor/index.html