Wireshark · Ethereal-users: Re: [Ethereal-users] tethereal for selective capture

Ethereal-users: Re: [Ethereal-users] tethereal for selective capture

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 20 Jul 2001 12:13:55 -0700 (PDT)

> Selecting particular *types* of ICMP packets is left as an exercise to
> the reader, *if* there's so much ICMP traffic on the network that
> capturing only Echo packets is worthwhile.

...and *if* capturing only ICMP Echo responses would do what you want;
note that most of the traceroute replies are *NOT* ICMP Echo responses,
they're ICMP Time Exceeded responses, and, by default, traceroute
doesn't send out ICMP Echo packets - as the traceroute man page says:

DESCRIPTION
     The Internet is a large and complex aggregation  of  network
     hardware,  connected  together  by  gateways.   Tracking the
     route one's packets follow (or finding the miscreant gateway
     that's  discarding  your  packets)  can  be difficult.  Tra-
     ceroute utilizes the IP protocol `time to  live'  field  and
     attempts  to elicit an ICMP TIME_EXCEEDED response from each
     gateway along the path to some host.

		...

     Other options are:

		...

	     -I   Use ICMP ECHO instead of UDP datagrams.

References:
- Re: [Ethereal-users] tethereal for selective capture
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] tethereal for selective capture
Next by Date: [Ethereal-users] (no subject)
Previous by thread: Re: [Ethereal-users] tethereal for selective capture
Next by thread: [Ethereal-users] Linux rpm dependency problem
Index(es):
- Date
- Thread