Wireshark-users: Re: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP P
I've had better luck with filters such as ip.addr==10.10.208.211
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Merton Campbell
Crockett
Sent: Saturday, May 30, 2009 9:24 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in
the ICMP Payload
I've used Ethereal and Wireshark for a number of years to either
capture or analyze network traffic. I am looking at a problem
involving one of our servers. I have used a Cisco NAM to capture all
traffic to or from the server.

In addition to looking at traffic to or from specific clients, I want
to look at any ICMP traffic that involves the specific client. I've
used the following filter expression.

    icmp or ip.addr eq 10.10.208.211

Unfortunately, this filter includes all ICMP traffic instead of just
the ICMP traffic that is related to 10.10.208.211.

Is there a way to filter ICMP traffic based on the IP, TCP, or UDP
headers that are being returned in the payload of the ICMP packet?

If not, is there a way to remove "uninteresting" packets from the
packet display pane?

Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxxxx
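
The selection the original question asks for, matching an address in the IP header that an ICMP error message quotes in its payload, sketched in Python as an added example (not part of either message and not Wireshark code). Only 10.10.208.211 comes from the post; the server and router addresses, the helper names and the sample packets are constructed.

```python
import ipaddress
import struct

# ICMP types whose payload quotes the offending datagram's IP header (RFC 792)
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) for an IPv4 packet, or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return src, dst, buf[9], buf[ihl:]

def involves(packet, addr):
    """True if addr is in the outer IP header, or in the IP header quoted
    inside an ICMP error message. Other ICMP packets are not selected."""
    outer = parse_ipv4(packet)
    if outer is None:
        return False
    src, dst, proto, payload = outer
    if addr in (src, dst):
        return True
    if proto != 1 or len(payload) < 8 or payload[0] not in ICMP_ERROR_TYPES:
        return False
    inner = parse_ipv4(payload[8:])  # quoted datagram follows the 8-byte ICMP header
    return inner is not None and addr in inner[:2]

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

CLIENT = "10.10.208.211"                    # address from the post
SERVER, ROUTER = "192.0.2.10", "192.0.2.1"  # constructed addresses
UNREACH = bytes([3, 1, 0, 0, 0, 0, 0, 0])   # ICMP type 3 code 1, checksum zeroed
SAMPLES = {                                 # constructed packets
    "tcp client->server": ipv4(CLIENT, SERVER, 6, b"\x00" * 20),
    "icmp unreachable quoting client":
        ipv4(ROUTER, SERVER, 1, UNREACH + ipv4(SERVER, CLIENT, 6, b"\x00" * 8)),
    "icmp echo, unrelated": ipv4(ROUTER, SERVER, 1, bytes([8, 0, 0, 0, 0, 1, 0, 1])),
    "icmp unreachable, unrelated":
        ipv4(ROUTER, SERVER, 1, UNREACH + ipv4(SERVER, "192.0.2.77", 17, b"\x00" * 8)),
}

def matching(addr):
    """Names of the sample packets that involve addr, in capture order."""
    return [name for name, pkt in SAMPLES.items() if involves(pkt, addr)]
```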