Ethereal-users: Re: [Ethereal-users] UDP Fragments

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Sat, 11 Mar 2006 10:24:12 -0500
On 06:34 AM 3/11/2006, Luis Del Pino wrote:
>Hi, I'm Luis del Pino, What filter could I use to capture UDP datagrams and its fragments?
>
>I have this filter "dst <http://192.168.0.120>192.168.0.120 and (udp dst port 10005 or udp dst port 10006 or udp dst port 10007)" but it doesn't capture the fragments. I only want capture its fragments and not capture all IP datagrams. i have thought to use the fields, flag and fragment offset in the IP  datagram.


You can't use udp level filters for the fragments since they are only fragments (no pertinent udp info).  If you *only* want the fragments, you probably want to filter on IP's "fragment offset" <> 0.

It would probably be better if Ethereals display filter included the fragments.  This would be along the lines of searching for any IP with addr x.x.x.x and getting the relevant ICMP messages embedded with x.x.x.x (even if source/dest do not contain x.x.x.x)


hsb