>I would like to construct a tcpdump filter expression to catch ICMP
>host unreachable packets so that I can allow pppd to timeout even when
>those packets are present on the link.  I presume I can do something
>like
>
>	ip protocol icmp[0] ...
>
>but I'm not sure how to finish the expression.

i think

	icmp[0]==3 && (icmp[1]==1 || icmp[1]==13)

should do the job.  that's icmp type ICMP_UNREACH with subtype
ICMP_UNREACH_HOST or ICMP_UNREACH_ADMIN_PROHIBIT.

the 'ip protocol' bit you can leave out.  that's sort of implicit
based on the rest of the expression.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."