#
#  Look at ICMP packets
#

   if SourcePeerType == IP && SourceTransType == ICMP save, {

      if SourceTransAddress == 0        # Echo reply
         store FlowKind := 'e';
      else if SourceTransAddress ==  3  # Destination unreachable
         store FlowKind := 'U';
      else if SourceTransAddress ==  8  # Echo request
         store FlowKind := 'E';
      else if SourceTransAddress == 11  # Time exceeded
         store FlowKind := 'X';
      else if SourceTransAddress == 13  # Timestamp request
         store FlowKind := 'T';
      else if SourceTransAddress == 14  # Timestamp reply
         store FlowKind := 't';
      else if SourceTransAddress == 17  # Address Mask request
         store FlowKind := 'M';
      else if SourceTransAddress == 18  # Address Mask reply
         store FlowKind := 'm';
      else store FlowKind := '?';

      save SourceTransAddress;  # ICMP type
      save DestTransAddress;    # ICMP dest
      save SourcePeerAddress;
      save DestPeerAddress;
      count;
      }

   else ignore;  # Not an IP packet


set 5;
#format 
#   SourceKind DestKind FlowKind "  "
#   SourcePeerType SourcePeerAddress DestPeerAddress "  "
#   SourceTransType SourceTransAddress DestTransAddress;