Wireshark · Ethereal-users: Re: [Ethereal-users] ICMP

Ethereal-users: Re: [Ethereal-users] ICMP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Lowrey <slowrey@xxxxxxxxxxx>

Date: Mon, 21 Mar 2005 09:14:29 -0500

It's an interesting argument. I wouldn't expect the payload of an ICMP packet to matter. UDP is usually encapsulated in an IP datagram, therefore I wouldn't expect the parser to "see" the UDP inside of an ICMP message and decode it as such.

But I guess I can't fault the other rationale, either. :)

LEGO wrote:

The rationale is pretty straightforward there's udp in the frame so it
matches "udp".

What you might want to do is filter with "udp and not icmp".

On Sun, 20 Mar 2005 12:14:27 -0800, Bob Snyder <bob.snyder@xxxxxxx> wrote:

Why are ICMP packets displayed when a display filter is used that should
exclude them?

For example, when running a traceroute, and with a display filter of
"udp", in addition to the outbound UDP datagrams, the ICMP messages
returned from each router are displayed as well. I know that the ICMP
datagrams include the headers of the datagrams that are being reported
on, but apparently their presence allows them to pass through the
display filter. Is this behavior intentional? If so, what is the rationale?

Bob Snyder

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

References:
- [Ethereal-users] ICMP
  - From: Bob Snyder
- Re: [Ethereal-users] ICMP
  - From: LEGO

Prev by Date: Re: [Ethereal-users] ICMP
Next by Date: [Ethereal-users] Microsoft Word Document
Previous by thread: Re: [Ethereal-users] ICMP
Next by thread: Re: [Ethereal-users] ICMP
Index(es):
- Date
- Thread