First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

The display filter for the IP destination doesn't seem to be working properly.

  • retag add tags

I'm somewhat new to Wireshark so I may be doing something wrong. I'm trying to filter the Destination on a certain subnet. Wireshark is filtering some lines, but it's leaving in some IP address lines that I would think would be filtered.

This is the DisplayFilter I'm using:

ip.dst == 10.192.240.0/23

Please see the pic in this link:

https://drive.google.com/open?id=18-y...

Thanks for your help.

Mike

mikecowdell's avatar
3
mikecowdell
asked 2018-08-15 20:02:39 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

The packets that seem out of range are all ICMP packets. Probably, the ICMP header contains a copy of the ICMP header of the packet that triggered the need for the ICMP reply, and that header copy contains an IP in the 10.192.240.x range in its Destination field. Look inside the ICMP data and I bet you'll see another IP header sitting inside.

mctmike's avatar
16
mctmike
answered 2018-08-15 20:34:41 +0000
edit flag offensive 0 remove flag delete link
more

Comments

1

Nice! That was it. Thanks for the explanation!

mikecowdell's avatar mikecowdell (2018-08-16 14:03:32 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer