Wireshark · Wireshark-users: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Payload

Wireshark-users: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Paylo

From: Merton Campbell Crockett <m.c.crockett@xxxxxxxxxxxxxx>

Date: Sat, 30 May 2009 09:24:22 -0700

I've used Ethereal and Wireshark for a number of years to eithercapture or analyze network traffic. I am looking at a probleminvolving one of our servers. I have used a Cisco NAM to capture alltraffic to or from the server.

In addition to looking at traffic to or from specific clients, I wantto look at any ICMP traffic that involves the specific client. I'veused the following filter expression.


	icmp or ip.addr eq 10.10.208.211

Unfortunately, this filter includes all ICMP traffic instead of justthe ICMP traffic that is related to 10.10.208.211.

Is there a way to filter ICMP traffic based on the IP, TCP, or UDPheaders that are being returned in the payload of the ICMP packet?

If not, is there a way to remove "uninteresting" packets from thepacket display pane?


Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxxxx

Follow-Ups:
- Re: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Payload
  - From: Steven Shippee
- Re: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Payload
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] how to extract data-text-lines
Next by Date: Re: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Payload
Previous by thread: Re: [Wireshark-users] how to extract data-text-lines
Next by thread: Re: [Wireshark-users] Filtering ICMP Packets Based on IP Addresses in the ICMP Payload
Index(es):
- Date
- Thread