Ask Your Question

Revision history [back]

Filters and ICMP

Hello,

let's say i captured two packets

  • From 192.168.1.50 to 192.168.1.1 (empty udp from nmap)
  • From 192.168.1.1 to 192.168.1.50 (ICMP - Port unreachable)

I use the filter: ip.src == 192.168.1.50

Both packets are still visible

I know that my first IP-Packet is send back inside the ICMP Reply, and it looks like wireshark also reads the header from the packet inside the ICMP.

can i somehow define a filter or set an option anyware so that the filter only reads the address from the not nested ip Packet?

Using the Filter ip.scr == 192.168.1.50 && !icmp works in this case but is not a nice solution

Thanks in advance