On Oct 3, 2006, at 3:59 AM, Phil M wrote:
> After reading through the man pages of wireshark, I haven't yet
> found whether it can give a report like this: I want to ping -t our
> Cisco 1700 over a period of, say, 12 hrs and have wireshark report
> only these ping packets and echos, what response time they have and
> if any drop out. Or can wireshark perform this very function on its
> own?

Report only those ping packets and the replies to them (I assume
that's what you mean by "and echos" - ping packets *are* echoes, i.e.
ICMP Echo and ICMP Echo Reply messages)? Yes - you'd want a capture
filter such as

    host {pinging machine} and host {your Cisco 1700} and icmp

If you want to see only echoes and echo replies between those
machines, try

    host {pinging machine} and host {your Cisco 1700} and (icmp[icmptype] == icmp-echo or icmp[icmptype] == icmp-echoreply)

(at least with modern versions of libpcap; older versions would
require you to specify the right numerical values for "icmptype",
"icmp-echo", and "icmp-echoreply").

If you want to see the response time or if any echoes didn't have a
reply, though, you'd have to modify the ICMP dissector to do
request/response matching, report the response time, and perhaps have an
"expert" to report requests without replies (or have somebody else do
so).
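
The request/response matching described in the last paragraph can also be done outside Wireshark on an already filtered capture; the following is an added example, not part of the original message and not Wireshark code. It assumes the packets have been read as (timestamp, Ethernet frame bytes) pairs; the function names, the 2-second timeout and the sample addresses are hypothetical.

```python
import socket
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # numeric ICMP types behind icmp-echo / icmp-echoreply

def parse_icmp_echo(frame):
    """Return (src, dst, type, ident, seq) for an Ethernet/IPv4 echo frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                        # IPv4 header length in bytes
    if frame[23] != 1 or len(frame) < 14 + ihl + 8:     # protocol 1 = ICMP
        return None
    src, dst = (socket.inet_ntoa(frame[o:o + 4]) for o in (26, 30))
    icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", frame[14 + ihl:22 + ihl])
    return (src, dst, icmp_type, ident, seq) if icmp_type in (ECHO_REQUEST, ECHO_REPLY) else None

def match_echoes(packets, timeout=2.0):
    """Return ([(seq, rtt_ms), ...], [seq of requests with no timely reply])."""
    pending, rtts = {}, []
    for ts, frame in packets:                           # packets are in capture order
        rec = parse_icmp_echo(frame)
        if rec is None:
            continue
        src, dst, icmp_type, ident, seq = rec
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = ts        # a retransmit overwrites the old time
        else:
            key = (dst, src, ident, seq)                # reply travels in the reverse direction
            if key in pending and ts - pending[key] <= timeout:
                rtts.append((seq, round((ts - pending.pop(key)) * 1000, 3)))
    return rtts, sorted(k[3] for k in pending)          # late or missing replies stay pending

def build_frame(src, dst, icmp_type, ident, seq):
    """Build a constructed Ethernet/IPv4/ICMP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

HOST, ROUTER = "192.0.2.10", "192.0.2.1"                # constructed documentation addresses
SAMPLE = [                                              # constructed capture, not real traffic
    (0.000, build_frame(HOST, ROUTER, ECHO_REQUEST, 1, 1)),
    (0.004, build_frame(ROUTER, HOST, ECHO_REPLY, 1, 1)),
    (1.000, build_frame(HOST, ROUTER, ECHO_REQUEST, 1, 2)),  # never answered
    (2.000, build_frame(HOST, ROUTER, ECHO_REQUEST, 1, 3)),
    (2.012, build_frame(ROUTER, HOST, ECHO_REPLY, 1, 3)),
]

if __name__ == "__main__":
    print(match_echoes(SAMPLE))
```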