Wireshark-users: Re: [Wireshark-users] analyzing icmp protocol

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Mon, 25 Sep 2017 22:24:00 +0200
HI,

Best way is to put a switch with monitor port between the two hosts and capture the traffic there. 
Then you’ll know what the hosts really see from the other, and can Wireshark be helpful in further checks.

Thanks,
Jaap


> On 25 Sep 2017, at 17:53, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
> 
> Hello Jaap,
> 
> I don't have the capturing in the other side (it is embedded target).
> I reolve the issue, it seems to be related to checksum.
> Yet, I didn't see in wireshark any warning or yello marking on the
> reply checksum.
> 
> Do you know how I could easily detect that there is an ICMP reply
> checksum issue with wireshark ?
> 
> Thanks,
> Ran
> 
> On Mon, Sep 25, 2017 at 12:30 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
>> Hi,
>> 
>> This was captured at 192.168.1.100, yes?
>> What do you see when capturing at the originator interface (192.168.1.110)?
>> 
>> Thanks,
>> Jaap
>> 
>> 
>>> On 25 Sep 2017, at 09:38, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
>>> 
>>> Hello,
>>> 
>>> I would appreciate it if someone can assist in analyzing icmp request/reply :
>>> 
>>> https://drive.google.com/file/d/0B22GsWueReZTZ0hfU2dRdE9rR2s/view?usp=sharing
>>> 
>>> I ping from pc to another machine, and in wireshark it looks perfect
>>> without error, yet I always get "request time out".
>>> I tried a lrager timeout (-w paramater), and ping from different
>>> machine, firewall disable, but I always get request time out in the
>>> PC.
>>> 
>>> Thank you for any suggestion,
>>> Ran
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    https://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe