Wireshark · Wireshark-users: Re: [Wireshark-users] finding a missing ICMP Echo Reply

Wireshark-users: Re: [Wireshark-users] finding a missing ICMP Echo Reply

From: Stuart Kendrick <skendric@xxxxxxxxx>

Date: Fri, 05 Oct 2012 08:35:37 -0700

I'm stumbling on this.

Filtering on icmp.resp_in shows me all the Requests
Filtering on icmp.resp_to shows me all the Replies

Filtering on !icmp.resp_in shows me everything
Filtering on !icmp.resp_to shows me everything

Filtering on "!icmp.resp_in and !icmp_resp_to" shows me everything

Reading the description of these expressions ... I don't understand whatthey do:


icmp_resp_in - Response In (the response to this request is in this frame)
    How can an ICMP Request and an ICMP Reply share the same frame?

icmp_resp_to = Response To (This is the response to the request in thisframe)

    How do I specify which request?

Would you elaborate?

--sk

On 10/5/2012 8:22 AM, Martin Isaksson wrote:

Hi Stuart!

!icmp.resp_in and !icmp.resp_to

There might be an easier way :)

/M

Follow-Ups:
- Re: [Wireshark-users] finding a missing ICMP Echo Reply
  - From: Gerald Combs

References:
- [Wireshark-users] finding a missing ICMP Echo Reply
  - From: Stuart Kendrick
- Re: [Wireshark-users] finding a missing ICMP Echo Reply
  - From: Martin Isaksson

Prev by Date: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Next by Date: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Previous by thread: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Next by thread: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Index(es):
- Date
- Thread