Hi Giles,

In the nfdump man page there is a filter for icmp types described:

ICMP icmp-type <num> icmp-code <num> with <num> as a valid icmp type/code. This automatically implies proto icmp.

Regards
Alex

-----Original Message-----
From: Giles Coochey [mailto:[email protected]]
Sent: Wednesday, June 5, 2013 16:42
To: [email protected]
Subject: [Nfdump-discuss] Filter to only see ICMP type 3, code 4 messages

I'm using Nfsen and am trying to view flows that contain icmp type 3 code 4 messages (Needs fragmenting but DF bit set). I tried

    proto ICMP and icmp[0]=3 and icmp[1]=4

but it doesn't appear to work. Is there a specific filter for that?

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
[email protected]
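Added example, not part of the original thread and not nfdump's own code: flow records carry no packet bytes, so byte-offset tests like `icmp[0]=3` have nothing to match, and the type and code have to come from the record fields instead. The sketch assumes the common NetFlow/IPFIX convention that an exporter stores ICMP type and code in the destination-port field as type * 256 + code; `Flow`, `icmp_type_code`, `select_icmp`, `nfdump_filter` and the sample records are hypothetical and constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple

ICMP_PROTO = 1  # IANA protocol number for ICMP


class Flow(NamedTuple):
    src: str
    dst: str
    proto: int
    dst_port: int  # assumption: for ICMP flows this holds type * 256 + code


def icmp_type_code(flow: Flow) -> Optional[Tuple[int, int]]:
    """Return (type, code) for an ICMP flow, or None for any other protocol."""
    if flow.proto != ICMP_PROTO:
        return None
    return flow.dst_port >> 8, flow.dst_port & 0xFF


def select_icmp(flows: List[Flow], icmp_type: int, icmp_code: int) -> List[Flow]:
    """Keep only ICMP flows with the given type and code."""
    return [f for f in flows if icmp_type_code(f) == (icmp_type, icmp_code)]


def nfdump_filter(icmp_type: int, icmp_code: int) -> str:
    """Build the filter from the man page primitives quoted in the reply."""
    for name, value in (("icmp-type", icmp_type), ("icmp-code", icmp_code)):
        if not 0 <= value <= 255:
            raise ValueError(f"{name} must be 0..255, got {value}")
    return f"icmp-type {icmp_type} and icmp-code {icmp_code}"


# Constructed sample records (documentation address ranges).
SAMPLE_FLOWS = [
    Flow("192.0.2.1", "198.51.100.7", 1, 3 * 256 + 4),  # fragmentation needed, DF set
    Flow("192.0.2.9", "198.51.100.7", 1, 3 * 256 + 1),  # host unreachable
    Flow("198.51.100.7", "192.0.2.1", 1, 8 * 256 + 0),  # echo request
    Flow("198.51.100.7", "203.0.113.5", 6, 772),        # TCP port 772: same number, not ICMP
]

if __name__ == "__main__":
    print(nfdump_filter(3, 4))
    for flow in select_icmp(SAMPLE_FLOWS, 3, 4):
        print(flow)
```

The TCP record with destination port 772 shows why the protocol check matters: 772 equals 3 * 256 + 4, so matching the port number alone would also pick up non-ICMP traffic.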
