Wireshark-users: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Martin Isaksson <martin.isaksson@xxxxxxxxxxxx>
Date: Fri, 5 Oct 2012 17:22:49 +0200
Hi Stuart!

!icmp.resp_in and !icmp.resp_to

There might be an easier way :)

/M

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stuart Kendrick
Sent: den 5 oktober 2012 11:00
To: Community support list for Wireshark
Subject: [Wireshark-users] finding a missing ICMP Echo Reply

I have a trace tracking one station pinging another, across multiple
days:  32,371 frames

10.1.2.3    10.1.2.4    ICMP    Echo (ping) request
10.1.2.4    10.1.2.3    ICMP    Echo (ping) reply
10.1.2.3    10.1.2.4    ICMP    Echo (ping) request
10.1.2.4    10.1.2.3    ICMP    Echo (ping) reply
[...]

Somewhere in there is one missing ICMP Echo Reply

I want to find precisely where (when) this occurs.

Can you think of a Wireshark way to accomplish this?

[If not, then I'll write a little code to walk through a text version of the trace, looking for two back-to-back 'Echo (ping) request' lines ... 
but I'm hoping for something slightly faster.]

--sk
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe