ICMP filter filtering only Destination Unreachable (type) - icmp == 3.
ICMP filter filtering Destination Unreachable (type), Destination host unreachable (code) - icmp[0:2] == ?
asked 27 Mar '13, 06:14
The capture filter you are probably thinking of is:
But to be more descriptive, you could use something like this instead:
Note that the compiled BPF code isn't exactly the same though. It seems that the first format is slightly more efficient, taking 2 fewer instructions.
Refer to the pcap-filter man page for more information.
(If instead you're looking for a Wireshark display filter, then refer to pfuender's answer.)
answered 27 Mar '13, 09:35
edited 27 Mar '13, 20:56
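An added example, not part of the original answer: a Python model of how the two capture-filter styles discussed above evaluate a packet, one reading the ICMP type and code as a single 16-bit word and one testing each byte separately. The filter strings in the docstrings (`icmp[0:2] == 0x0301` and `icmp[icmptype] == icmp-unreach and icmp[icmpcode] == 1`) are assumed forms, since the answer's own filter text is not reproduced on this page; the packets and helper names are constructed for illustration.

```python
import struct

ICMP_UNREACH = 3        # ICMP type: Destination Unreachable
CODE_HOST_UNREACH = 1   # ICMP code: Host Unreachable

def icmp_payload(ip_packet: bytes):
    """Return the ICMP message of an IPv4 packet, or None where icmp[...] cannot match."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4            # header length varies with IP options
    frag = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if ip_packet[9] != 1 or frag != 0 or len(ip_packet) < ihl + 2:
        return None                            # not ICMP, or a non-first fragment
    return ip_packet[ihl:]

def match_word(ip_packet: bytes) -> bool:
    """Assumed filter: icmp[0:2] == 0x0301 (type and code as one big-endian word)."""
    icmp = icmp_payload(ip_packet)
    return icmp is not None and struct.unpack("!H", icmp[0:2])[0] == 0x0301

def match_fields(ip_packet: bytes) -> bool:
    """Assumed filter: icmp[icmptype] == icmp-unreach and icmp[icmpcode] == 1."""
    icmp = icmp_payload(ip_packet)
    return icmp is not None and icmp[0] == ICMP_UNREACH and icmp[1] == CODE_HOST_UNREACH

def build(icmp_type, icmp_code, proto=1, options=b"", frag_off=0):
    """Constructed IPv4 packet (checksums left zero; addresses from TEST-NET-1)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 0, 0, frag_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + bytes([icmp_type, icmp_code, 0, 0]) + bytes(4)

SAMPLES = {  # constructed test packets
    "host unreachable": build(3, 1),
    "host unreachable, IP options": build(3, 1, options=b"\x01\x01\x01\x01"),
    "port unreachable": build(3, 3),
    "echo request": build(8, 0),
    "UDP with 03 01 payload": build(3, 1, proto=17),
    "non-first fragment": build(3, 1, frag_off=8),
}

def results():
    return {name: (match_word(p), match_fields(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (w, f) in results().items():
        print(f"{name:32} icmp[0:2]={w!s:5} type+code={f}")
```

Both forms select the same packets; the single-word comparison simply does it with one load and one compare, which is consistent with the shorter compiled BPF program noted in the answer.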
You can combine several filters using '&&', so you can use the two filters as you've requested. Here's an example to only show ICMP 'Host Unreachable' messages:
answered 27 Mar '13, 07:12