https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3061
--- Comment #4 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2008-11-14 08:39:25 PDT ---
(In reply to comment #2)
> Look at the "ip.dst == 172.16.0.0/12".
>
> 10.0.7.56 is not in the range of 172.16.0.0/12.
>
> CIDR notation for 172.16.0.0/12 states that the address should match 172.16.0.0
> --> 172.31.255.255. If it was /16 it should match 172.16.0.0 -->
> 172.16.255.255.
>
> Either way 10.0.7.56 does not match the filter. (It CORRECTLY filters out TCP
> and UDP traffic)
Sorry, my response was incomplete (I got distracted): if you look inside the
ICMP packet you'll see that embedded in it is an IP packet whose IP destination
is 172.27.1.10). So the "ip.src" matches at the outermost IP layer but the
"ip.dst" matches that in the embedded packet.
Yes, this is intentional, though there has been some talk of creating a new
syntax to specify, for example, /which/ "ip.src" you want, but that's more of a
"wishlist" kind of item.
Does that explanation make more sense?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
