Wireshark mailing list archives
Re: analyzing icmp protocol
From: Ran Shalit <ranshalit () gmail com>
Date: Tue, 26 Sep 2017 07:41:06 +0300
Hi, I identified the problem. The ip header checksum in the reply was 0.(you can see that in the pcap attached in link). I wander why it is not marked in yellow or somthing similar, so that it will be more clear that there might be a problem because of wrong checksum. Thanks. Ran בתאריך 25 בספט 2017 23:25, "Jaap Keuter" <jaap.keuter () xs4all nl> כתב:
HI, Best way is to put a switch with monitor port between the two hosts and
capture the traffic there.
Then you’ll know what the hosts really see from the other, and can
Wireshark be helpful in further checks.
Thanks, JaapOn 25 Sep 2017, at 17:53, Ran Shalit <ranshalit () gmail com> wrote: Hello Jaap, I don't have the capturing in the other side (it is embedded target). I reolve the issue, it seems to be related to checksum. Yet, I didn't see in wireshark any warning or yello marking on the reply checksum. Do you know how I could easily detect that there is an ICMP reply checksum issue with wireshark ? Thanks, Ran On Mon, Sep 25, 2017 at 12:30 PM, Jaap Keuter <jaap.keuter () xs4all nl>
wrote:
Hi, This was captured at 192.168.1.100, yes? What do you see when capturing at the originator interface
(192.168.1.110)?
Thanks, JaapOn 25 Sep 2017, at 09:38, Ran Shalit <ranshalit () gmail com> wrote: Hello, I would appreciate it if someone can assist in analyzing icmp
request/reply :
https://drive.google.com/file/d/0B22GsWueReZTZ0hfU2dRdE9rR2s/view?usp=sharing
I ping from pc to another machine, and in wireshark it looks perfect without error, yet I always get "request time out". I tried a lrager timeout (-w paramater), and ping from different machine, firewall disable, but I always get request time out in the PC. Thank you for any suggestion, Ran
___________________________________________________________________________
Sent via: Wireshark-users mailing list <
wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark orgArchives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- analyzing icmp protocol Ran Shalit (Sep 25)
- Re: analyzing icmp protocol Jaap Keuter (Sep 25)
- Re: analyzing icmp protocol Ran Shalit (Sep 25)
- Re: analyzing icmp protocol Jaap Keuter (Sep 25)
- Re: analyzing icmp protocol Ran Shalit (Sep 25)
- Re: analyzing icmp protocol Jaap Keuter (Sep 25)
- Re: analyzing icmp protocol Ran Shalit (Sep 26)
- Re: analyzing icmp protocol Jaap Keuter (Sep 27)
- Re: analyzing icmp protocol Ran Shalit (Sep 25)
- Re: analyzing icmp protocol Jaap Keuter (Sep 25)