Dear, Giles, please try this syntax: proto icmp and icmp-type 3 and icmp-code 4
On 06/05/13 17:42, Giles Coochey wrote: > I'm using Nfsen and am trying to view flows that contain icmp type 3 > code 4 messages (Needs fragmenting but DF bit set). > > I tried > > proto ICMP and icmp[0]=3 and icmp[1]=4 > > but it doesn't appear to work. Is there a specific filter for that? ... -- Vytautas Krakauskas LITNET CERT Phone: +370 37 300645 Email: [email protected] ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
