![]() ![]() Not every packet in a PCAP is just a simple Ethernet / IPv4 / TCP packet. Matching a specific layer in the protocol stack That's where these enhancements make your filtering job easier. Appear more than once in a single packet.Quote other protocols in a reply (ICMP).Tunnel the same protocols multiple times (IP-in-IP).Why does this matter? Well, maybe you deal with protocols that: The filter expression limitation has been an issue on the Wireshark bug tracker for a long time - 13 years: Filter expression syntax needs to handle tunneling better. In packets that contain the same protocol more than once, it was previously impossible to distinguish between these protocols using a display filter. ![]() If you analyze network protocols like IPv4, ICMP, IPv6, ICMPv6, TLS, and GRE, this article is for you. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |