Wireshark · Ethereal-users: Re: [Ethereal-users] Re: ICMP

Ethereal-users: Re: [Ethereal-users] Re: ICMP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jack Jackson <jack@xxxxxxxxxxxxxxx>

Date: Mon, 21 Mar 2005 16:14:02 -0800

At 04:06 PM 3/21/2005, James Knott wrote:

ronnie sahlberg wrote:

That is what is supposed to happen.
Rationale:
You asked for all packets containing the UDP protocol and you got them.
An analyzer that filtered for UDP and did not show you these pacekts
to you would be broken. Ethereal is not broken in this regard.


ICMP is not UDP.  Why should Ethereal show something that's not selected?


Because there is a UDP message inside the ICMP message.

The best reason I can think of for it working this way is: Suppose you arecapturing a UDP conversation. If at some point a UDP message gets returnedvia ICMP because of some error, you probably want to see that.

References:
- [Ethereal-users] ICMP
  - From: Bob Snyder
- [Ethereal-users] Re: ICMP
  - From: ronnie sahlberg
- Re: [Ethereal-users] Re: ICMP
  - From: James Knott

Prev by Date: Re: [Ethereal-users] ICMP
Next by Date: Re: [Ethereal-users] Microsoft Word Document
Previous by thread: Re: [Ethereal-users] Re: ICMP
Next by thread: Re: [Ethereal-users] Re: ICMP
Index(es):
- Date
- Thread