Trouble with dynamic filter construction

[TCPDump <tcpdump () intrusense com>]

Hello,

I'm having some trouble defining a filter that will reliably match the
ICMP sequence or ICMP identification number I use. 

I use the following it works: 

icmp[0] = 0 && icmp[4] = 255


That's great, but if I do the following it fails:

icmp[0] = 0 && icmp[4] = 256

or

icmp[0] = 0 && icmp[4:2] = 256


I understand why the first one fails, but shouldn't "icmp[4:2] = X"
cover ICMP IDs from 0 - 65535?

I need a filter or set of filters that will cover all possible ICMP
sequence and identification numbers.


Any assistance would be greatly appreciated.


Thanks,

Darren


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe