The display filter for the IP destination doesn't seem to be working properly.

asked 2018-08-15 20:02:39 +0000

mikecowdell

I'm somewhat new to Wireshark so I may be doing something wrong. I'm trying to filter the Destination on a certain subnet. Wireshark is filtering some lines, but it's leaving in some IP address lines that I would think would be filtered.

This is the DisplayFilter I'm using:

ip.dst == 10.192.240.0/23

Please see the pic in this link:

https://drive.google.com/open?id=18-y...

Thanks for your help.

Mike

1 Answer

answered 2018-08-15 20:34:41 +0000

mctmike

The packets that seem out of range are all ICMP packets. Probably, the ICMP header contains a copy of the ICMP header of the packet that triggered the need for the ICMP reply, and that header copy contains an IP in the 10.192.240.x range in its Destination field. Look inside the ICMP data and I bet you'll see another IP header sitting inside.

Comments

Nice! That was it. Thanks for the explanation!

mikecowdell ( 2018-08-16 14:03:32 +0000 )
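
The behaviour described in the answer, as an added example that is not part of the original thread: an ICMP error message quotes the IP header of the packet that triggered it, and a display filter on ip.dst matches when any occurrence of the field matches. The addresses, the sample packet and the function names are constructed for illustration; only the 10.192.240.0/23 subnet comes from the question.

```python
import ipaddress
import struct

# ICMP types whose payload quotes the IP header of the offending packet
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ip_dst_fields(packet):
    """Return every IPv4 destination found: the outer header first, then
    any header quoted inside an ICMP error message."""
    found = []
    while len(packet) >= 20 and packet[0] >> 4 == 4:
        ihl = (packet[0] & 0x0F) * 4
        found.append(ipaddress.IPv4Address(packet[16:20]))
        body = packet[ihl:]
        if packet[9] != 1 or len(body) < 8 or body[0] not in ICMP_ERROR_TYPES:
            break
        packet = body[8:]  # skip the 8-byte ICMP header to reach the quoted packet
    return found

def matches_any_layer(packet, subnet):
    """Display-filter semantics: true if any occurrence of the field matches."""
    net = ipaddress.ip_network(subnet)
    return any(dst in net for dst in ip_dst_fields(packet))

def matches_outer_only(packet, subnet):
    """What the asker expected: test only the outermost IP header."""
    return ip_dst_fields(packet)[0] in ipaddress.ip_network(subnet)

# Constructed sample: router 10.1.1.1 tells 172.16.5.20 that host
# 10.192.240.17 is unreachable (ICMP type 3, code 1, checksum zero).
quoted = ipv4_header("172.16.5.20", "10.192.240.17", 17, 8) + bytes(8)
icmp = struct.pack("!BBHI", 3, 1, 0, 0) + quoted
SAMPLE = ipv4_header("10.1.1.1", "172.16.5.20", 1, len(icmp)) + icmp

if __name__ == "__main__":
    print([str(a) for a in ip_dst_fields(SAMPLE)])
    print(matches_any_layer(SAMPLE, "10.192.240.0/23"),
          matches_outer_only(SAMPLE, "10.192.240.0/23"))
```

In Wireshark itself, appending `&& !icmp` to the filter hides these ICMP packets from the result.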
