Filter ICMP packets sent from the IP address in Wireshark with the Packet Filter

icmpwireshark

I want to filter the ICMP packets sent from my IP address in Wireshark.

I tried the following expression:

ip.src == xxx.xxx.xxx.xxx && icmp

But the problem is that it shows packets with ip.src = yyy.yyy.yyy.yyy
that were sent to ip.dst = xxx.xxx.xxx.xxx.

Best Answer

The problem is that ICMP type 11 (TTL expired) returns the IP header of the sent IP packet. So in order to fix it, we need to exclude the type 11 ICMP. 0b = 11 in decimal, so use this filter to fix it:

ip.src == xxx.xxx.xxx.xxx && !(icmp[0] == B ) && icmp

Related Solutions

How to filter those TCP packets on Wireshark/Ethereal

I found the answer:

tcp.flags.push == 1

Wireshark – How to Determine Which Program Sent a Packet

The process id doesn't make it onto the stream that Wireshark is reading.
Netmon is better suited for this task on Windows.

Best Answer

Related Solutions

How to filter those TCP packets on Wireshark/Ethereal

Wireshark – How to Determine Which Program Sent a Packet

Related Question