Filter ICMP packets sent from my IP address in Wireshark with the Packet Filter

Question

I want to filter the ICMP packets sent from my IP address in Wireshark.

I tried the following expression:

ip.src == xxx.xxx.xxx.xxx && icmp

But the problem is that it shows packets with ip.src = yyy.yyy.yyy.yyy
that were sent to ip.dst = xxx.xxx.xxx.xxx.

amiregelz · Accepted Answer · 2012-12-11 14:49:19Z

1

The problem is that ICMP type 11 (TTL expired) returns the IP header of the sent IP packet. So in order to fix it, we need to exclude the type 11 ICMP. 0b = 11 in decimal, so use this filter to fix it:

ip.src == xxx.xxx.xxx.xxx && !(icmp[0] == B ) && icmp

edited Dec 11, 2012 at 14:49

amiregelz

8,20712 gold badges49 silver badges58 bronze badges

answered Dec 11, 2012 at 13:44

0xab3d

3352 gold badges7 silver badges15 bronze badges

0b = 11 in decimal so we want to exclude the type 11 ICMP
– 0xab3d
Commented Dec 11, 2012 at 13:46

Add a comment |

Raystafarian · Accepted Answer · 2013-08-01 10:53:46Z

-1

try ip.dst != xxx.xxx.xxx.xxx && ip.src != xxx.xxx.xxx.xxx

edited Aug 1, 2013 at 10:53

Raystafarian

21.8k12 gold badges62 silver badges90 bronze badges

answered Aug 1, 2013 at 10:32

Lump

1

Add a comment |

Stack Exchange Network

Filter ICMP packets sent from my IP address in Wireshark with the Packet Filter

2 Answers 2

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
wireshark
icmp
.

Hot Network Questions

Filter ICMP packets sent from my IP address in Wireshark with the Packet Filter

2 Answers 2

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged wiresharkicmp.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
wireshark
icmp
.