Wireshark-dev: [Wireshark-dev] test code (test/suite_capture.sh) uses icmp capture filter "all
From: Ulf Lamping <[email protected]>
Date: Sun, 13 Apr 2008 20:57:30 +0200

Just stumbled across the filter string "icmp" in test/suite_capture.sh (several places):
       -w ./testout.pcap \
       -c 10  \
       -a duration:$TRAFFIC_CAPTURE_DURATION \
       -f icmp \
       >> ./testout.txt 2>&1

I just don't understand the line "-f icmp", is there a reason for it or is this some kind of copy/paste error?

I mean e.g. the first test "capture_step_10packets" should simply test if it can capture 10 packets and should *not* test the filtering system. For example if there's a bug in the filtering system, this test would fail although plain capturing maybe works ok.
Regards, ULFL