Hi,
This can happen. The filter matches any packet having a dissected field
"ip.src" with the value "10.10.0.108". This is not necessaraly limited to
the IP layer. Also a payload can contains such fields, like in ICMP
messages or trace protocols.
Thanx,
Jaap
On Thu, 16 Nov 2006, Benoit Lanteigne wrote:
> Hi everyone,
>
> I am a new user of wireshark and I have a problem. I have a file
> containing 15 minutes of captured traffic. I am trying to use a display
> filter to filter the source IP like this ip.src == 10.10.0.104. In most
> case this works fine, but for some IP it does not. For instance, if I
> use ip.src == 10.10.0.108 I would suppose that only packets with
> 10.10:.0.108 as source should be displayed but I also get packets with
> source IP like 10.10.4.1 and 207.102.162.1.
>
> If anyone have an idea what is happening, please let me know. Thank
> you in advance.
>
> Benoit Lanteigne
>