Wireshark-users: Re: [Wireshark-users] problem with display filter
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 16 Nov 2006 17:18:05 +0100 (CET)
Hi,

This can happen. The filter matches any packet having a dissected field
"ip.src" with the value "10.10.0.108". This is not necessarily limited to
the IP layer. Also a payload can contain such fields, like in ICMP
messages or trace protocols.

Thanx,
Jaap

On Thu, 16 Nov 2006, Benoit Lanteigne wrote:

> Hi everyone,
>
> I am a new user of Wireshark and I have a problem.  I have a file
> containing 15 minutes of captured traffic.  I am trying to use a display
> filter to filter the source IP like this ip.src == 10.10.0.104.  In most
> cases this works fine, but for some IPs it does not.  For instance, if I
> use ip.src == 10.10.0.108 I would suppose that only packets with
> 10.10.0.108 as source should be displayed but I also get packets with
> source IP like 10.10.4.1 and 207.102.162.1.
>
> If anyone has an idea what is happening, please let me know.  Thank
> you in advance.
>
> Benoit Lanteigne
>
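
The behaviour described in the reply above, as an added example that is not part of the original thread and not Wireshark code: a small parser that collects every IPv4 source address a dissector would see in one packet, including the header quoted inside an ICMP error. The packet bytes, the 192.0.2.53 destination, the ports and the helper names are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ip_src_fields(packet):
    """Return every IPv4 source address that would be labelled ip.src:
    the outer header, plus the header quoted inside an ICMP error message."""
    sources = []
    offset = 0
    while len(packet) - offset >= 20 and packet[offset] >> 4 == 4:
        ihl = (packet[offset] & 0x0F) * 4
        if ihl < 20 or len(packet) - offset < ihl:
            break
        sources.append(socket.inet_ntoa(packet[offset + 12:offset + 16]))
        proto = packet[offset + 9]
        icmp = offset + ihl
        # ICMP errors (3 unreachable, 5 redirect, 11 time exceeded, 12 parameter
        # problem) quote the offending packet's IP header after their 8-byte header.
        if proto != 1 or len(packet) - icmp < 8 or packet[icmp] not in (3, 5, 11, 12):
            break
        offset = icmp + 8
    return sources

# Constructed sample: router 10.10.4.1 tells host 10.10.0.108 that its UDP
# datagram to 192.0.2.53 could not be delivered (ICMP type 3, code 1).
PLAIN_UDP = ipv4_header("10.10.0.108", "192.0.2.53", 17, 8) + struct.pack("!HHHH", 40000, 53, 8, 0)
icmp_error = struct.pack("!BBHI", 3, 1, 0, 0) + PLAIN_UDP
ICMP_UNREACHABLE = ipv4_header("10.10.4.1", "10.10.0.108", 1, len(icmp_error)) + icmp_error

def filter_any(packet, addr):
    """Display-filter semantics from the reply: true if ANY ip.src field equals addr."""
    return addr in ip_src_fields(packet)

def filter_outer(packet, addr):
    """Stricter check: only the outermost IP header's source address counts."""
    return ip_src_fields(packet)[:1] == [addr]

if __name__ == "__main__":
    for name, pkt in (("ICMP unreachable", ICMP_UNREACHABLE), ("plain UDP", PLAIN_UDP)):
        print(name, ip_src_fields(pkt),
              filter_any(pkt, "10.10.0.108"), filter_outer(pkt, "10.10.0.108"))
```

In Wireshark itself, appending `and not icmp` to the filter hides these ICMP packets, at the cost of also hiding ICMP traffic that really was sent by 10.10.0.108.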