Wireshark · Ethereal-users: [Ethereal-users] Filtering on nested IP headers in ICMP packets

Ethereal-users: [Ethereal-users] Filtering on nested IP headers in ICMP packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: nnposter@xxxxxxxxxxxxxxxxxxxxx

Date: Tue, 20 Apr 2004 19:40:12 -0000

Display filter elements related to IP header, such as "ip.src" and
"ip.dst", seem to have unwanted effect when applied to ICMP Destination
Unreachable packets. In particular, filter "ip.src==A.B.C.D" matches not
only if A.B.C.D is the source IP address of the ICMP packet but also if it
is the source IP address of the triggering encapsulated packet.

Example:

   1.1.1.1 -> 2.2.2.2 UDP DSTPORT=1234
   2.2.2.2 -> 1.1.1.1 ICMP ITYPE=3, ICODE=3, DATA=(original packet)

The ICMP packet above will match against "ip.src==1.1.1.1"
or even "ip.src!=2.2.2.2".

There is no obvious trick how to differentiate between the outside
and inside IP headers (other than using offsets). Is this a bug or a
desired behavior?


TIA
nnposter

Prev by Date: [Ethereal-users] Game lags - many TCP retransmissions?
Next by Date: [Ethereal-users] Ethereal - Max out CPU
Previous by thread: [Ethereal-users] Game lags - many TCP retransmissions?
Next by thread: [Ethereal-users] Ethereal - Max out CPU
Index(es):
- Date
- Thread