Hi Stuart!
!icmp.resp_in and !icmp.resp_to
There might be an easier way :)
/M
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stuart Kendrick
Sent: den 5 oktober 2012 11:00
To: Community support list for Wireshark
Subject: [Wireshark-users] finding a missing ICMP Echo Reply
I have a trace tracking one station pinging another, across multiple
days: 32,371 frames
10.1.2.3 10.1.2.4 ICMP Echo (ping) request
10.1.2.4 10.1.2.3 ICMP Echo (ping) reply
10.1.2.3 10.1.2.4 ICMP Echo (ping) request
10.1.2.4 10.1.2.3 ICMP Echo (ping) reply
[...]
Somewhere in there is one missing ICMP Echo Reply
I want to find precisely where (when) this occurs.
Can you think of a Wireshark way to accomplish this?
[If not, then I'll write a little code to walk through a text version of the trace, looking for two back-to-back 'Echo (ping) request' lines ...
but I'm hoping for something slightly faster.]
--sk
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe