Comment # 9
on bug 11965
from Christopher Maynard
(In reply to Erwin Van de Velde from comment #8)
> That would also filter out ICMP errors originating from 10.16.10.176 in
> reply to an incoming packet. ICMP error 11 (TTL exceeded) causes the same
> issue too btw and who knows what other protocols might cause it, e.g. IP in
> IP etc? I do not think this is the proper way to do it.
>
> It would be so much easier if I could tell the filter 'source IP address of
> outer header' and other things like that.

I don't disagree that it would be easier and I've proposed enhancing Wireshark
to allow an "occurrence" indicator like tshark allows, but to date nobody has
had the time/desire to implement the idea.

I've just given you a work-around example so that you can filter out the 1 case
from the capture file you posted. If you don't care about any ICMP packets,
regardless of type, then you could use the simpler filter:

(ip.src="" and !icmp

If you also want ICMP packets originating from 10.16.10.176, then maybe the
following will suffice for now:

(ip.src="" and !(ip.dst==10.16.10.176)
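
Added example, not part of the original comment and not Wireshark code: a small Python sketch of why a filter on ip.src also matches ICMP errors, by comparing an "any occurrence" match with an "outer header only" match. The packets are constructed inline; 192.0.2.1 and 198.51.100.7 are made-up addresses, and the function names are hypothetical.

```python
import socket
import struct

# ICMP types that quote the offending packet's IPv4 header (3 and 11 included).
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icmp_error(icmp_type, quoted):
    """ICMP error: type, code 0, checksum 0, 4 unused bytes, then the quoted packet."""
    return struct.pack("!BBHI", icmp_type, 0, 0, 0) + quoted

def ip_headers(packet):
    """Return [(src, dst), ...]: outer header first, then quoted or tunnelled ones."""
    found = []
    while len(packet) >= 20 and packet[0] >> 4 == 4:
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            break
        found.append((socket.inet_ntoa(packet[12:16]),
                      socket.inet_ntoa(packet[16:20])))
        proto, body = packet[9], packet[ihl:]
        if proto == 4:                       # IP in IP: inner packet follows directly
            packet = body
        elif proto == 1 and len(body) >= 8 and body[0] in ICMP_ERROR_TYPES:
            packet = body[8:]                # skip the 8-byte ICMP header
        else:
            break
    return found

def src_any(packet, addr):
    """Match if any IPv4 header in the packet has this source (display-filter style)."""
    return any(src == addr for src, _ in ip_headers(packet))

def src_outer(packet, addr):
    """Match only on the first (outer) IPv4 header."""
    hdrs = ip_headers(packet)
    return bool(hdrs) and hdrs[0][0] == addr

HOST = "10.16.10.176"                                  # address from the thread
SENT = ipv4(HOST, "198.51.100.7", 17, b"\x00" * 8)     # constructed UDP packet
TTL_EXCEEDED = ipv4("192.0.2.1", HOST, 1, icmp_error(11, SENT))  # constructed reply
```

The TTL-exceeded packet is addressed to 10.16.10.176, yet src_any() matches it because the quoted inner header carries that address as its source; src_outer() does not.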