On Sat, May 30, 2009 at 09:24:22AM -0700, Merton Campbell Crockett wrote:
> In addition to looking at traffic to or from specific clients, I want
> to look at any ICMP traffic that involves the specific client. I've
> used the following filter expression.
>
> icmp or ip.addr eq 10.10.208.211
>
> Unfortunately, this filter includes all ICMP traffic instead of just
> the ICMP traffic that is related to 10.10.208.211.
Try "icmp and ip.addr eq 10.10.208.211" to find packets to/from that IP
that are ICMP -and- packets that have ICMP packets containing traffic
to/from that IP in the ICMP payload.
> Is there a way to filter ICMP traffic based on the IP, TCP, or UDP
> headers that are being returned in the payload of the ICMP packet?
No, because it is handled by the IP dissector and then TCP/UDP
dissectors.
> If not, is there a way to remove "uninteresting" packets from the
> packet display pane?
Not easily. You could add "!frame.number == #" to the display filter
or mark certain packets and save only the marked ones or save ranges of
packets in the save dialog.
Steve
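
The difference between the two filter expressions in this thread, modelled as an added Python example (not part of the original messages and not Wireshark code). It assumes, as the reply describes, that ip.addr also matches the IP header quoted inside an ICMP error; the function names are hypothetical and every address except 10.10.208.211 is a constructed documentation address.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # ICMP types that quote the offending IP header

def ipv4(src, dst, proto, payload=b""):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def icmp(icmp_type, code, body=b""):
    """ICMP header: type, code, checksum (0), 4 unused bytes, then body."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def dissect(pkt):
    """Return (is_icmp, every IPv4 address seen in the outer and quoted headers)."""
    ihl = (pkt[0] & 0x0F) * 4
    addrs = {socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])}
    is_icmp = pkt[9] == 1
    if is_icmp and len(pkt) >= ihl + 8 + 20 and pkt[ihl] in ICMP_ERROR_TYPES:
        inner = pkt[ihl + 8:]  # quoted IP header starts after the 8-byte ICMP header
        addrs |= {socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])}
    return is_icmp, addrs

CLIENT = "10.10.208.211"
# Constructed sample capture; every address except CLIENT is a documentation address.
CAPTURE = {
    "client_tcp": ipv4(CLIENT, "192.0.2.10", 6, b"\x00" * 20),
    "client_ping": ipv4(CLIENT, "192.0.2.10", 1, icmp(8, 0, b"ping")),
    # Router reports host unreachable; CLIENT appears only in the quoted header.
    "quoted_client": ipv4("198.51.100.1", "192.0.2.10", 1,
                          icmp(3, 1, ipv4("192.0.2.10", CLIENT, 17, b"\x00" * 8))),
    "other_ping": ipv4("192.0.2.20", "192.0.2.30", 1, icmp(8, 0, b"ping")),
    "other_tcp": ipv4("192.0.2.20", "192.0.2.30", 6, b"\x00" * 20),
}

def apply_filters(capture, addr):
    """Names of packets kept by 'icmp or ip.addr' and by 'icmp and ip.addr'."""
    kept_or, kept_and = [], []
    for name, pkt in capture.items():
        is_icmp, addrs = dissect(pkt)
        if is_icmp or addr in addrs:
            kept_or.append(name)
        if is_icmp and addr in addrs:
            kept_and.append(name)
    return kept_or, kept_and

if __name__ == "__main__":
    for label, kept in zip(("or ", "and"), apply_filters(CAPTURE, CLIENT)):
        print(label, kept)
```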