https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4297
Chris Maynard <christopher.maynard@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
| |om
--- Comment #1 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2009-12-04 08:50:54 PST ---
You filter is causing Wireshark to match the ip.src in the IP header with the
ip.dst in the ICMP-encapsulated IP header as well as the ip.dst with the ip.src
in the ICMP-encapsulated IP header, which is why you're seeing the packets.
Expand your ICMP tree and you will see those encapsulated IP addresses which
are causing the match to occur.
If you don't want to see the ICMP packets, then you should append something
like "&& !icmp" or maybe just "&& !(icmp.type == 3)", or whatever you need to
do to eliminate the encapsulated IP headers. Keep in mind that this could
happen with any other protocols that encapsulate IP as well.
Recommend closing this bug as invalid.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
