Re: analyzing icmp protocol

[Ran Shalit <ranshalit () gmail com>]

Hi,

I identified the problem.
The ip header checksum in the reply was 0.(you can see that in the pcap
attached in link).

I wander why it is not marked in yellow or somthing similar, so that it
will be more clear that there might be a problem because of wrong checksum.

Thanks.
Ran

בתאריך 25 בספט 2017 23:25, "Jaap Keuter" <jaap.keuter () xs4all nl> כתב:
> HI,
>
> Best way is to put a switch with monitor port between the two hosts and
capture the traffic there.
> Then you’ll know what the hosts really see from the other, and can
Wireshark be helpful in further checks.
> Thanks,
> Jaap
>
>
> > On 25 Sep 2017, at 17:53, Ran Shalit <ranshalit () gmail com> wrote:
> >
> > Hello Jaap,
> >
> > I don't have the capturing in the other side (it is embedded target).
> > I reolve the issue, it seems to be related to checksum.
> > Yet, I didn't see in wireshark any warning or yello marking on the
> > reply checksum.
> >
> > Do you know how I could easily detect that there is an ICMP reply
> > checksum issue with wireshark ?
> >
> > Thanks,
> > Ran
> >
> > On Mon, Sep 25, 2017 at 12:30 PM, Jaap Keuter <jaap.keuter () xs4all nl>
wrote:
> > > Hi,
> > >
> > > This was captured at 192.168.1.100, yes?
> > > What do you see when capturing at the originator interface
(192.168.1.110)?
> > > Thanks,
> > > Jaap
> > >
> > >
> > > > On 25 Sep 2017, at 09:38, Ran Shalit <ranshalit () gmail com> wrote:
> > > >
> > > > Hello,
> > > >
> > > > I would appreciate it if someone can assist in analyzing icmp
request/reply :
> > > >
https://drive.google.com/file/d/0B22GsWueReZTZ0hfU2dRdE9rR2s/view?usp=sharing
> > > > I ping from pc to another machine, and in wireshark it looks perfect
> > > > without error, yet I always get "request time out".
> > > > I tried a lrager timeout (-w paramater), and ping from different
> > > > machine, firewall disable, but I always get request time out in the
> > > > PC.
> > > >
> > > > Thank you for any suggestion,
> > > > Ran
___________________________________________________________________________
> > > Sent via:    Wireshark-users mailing list <
wireshark-users () wireshark org>
> > > Archives:    https://www.wireshark.org/lists/wireshark-users
> > > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> > >             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
> >
___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org
>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
>
___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe