Wireshark-users: Re: [Wireshark-users] analyzing icmp protocol
From: Ran Shalit <ranshalit@xxxxxxxxx>
Date: Tue, 26 Sep 2017 07:41:06 +0300

Hi,

I identified the problem.
The ip header checksum in the reply was 0.(you can see that in the pcap attached in link).

I wander why it is not marked in yellow or somthing similar, so that it will be more clear that there might be a problem because of wrong checksum.

Thanks.
Ran

בתאריך 25 בספט 2017 23:25, "Jaap Keuter" <jaap.keuter@xxxxxxxxx> כתב:
>
> HI,
>
> Best way is to put a switch with monitor port between the two hosts and capture the traffic there.
> Then you’ll know what the hosts really see from the other, and can Wireshark be helpful in further checks.
>
> Thanks,
> Jaap
>
>
> > On 25 Sep 2017, at 17:53, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
> >
> > Hello Jaap,
> >
> > I don't have the capturing in the other side (it is embedded target).
> > I reolve the issue, it seems to be related to checksum.
> > Yet, I didn't see in wireshark any warning or yello marking on the
> > reply checksum.
> >
> > Do you know how I could easily detect that there is an ICMP reply
> > checksum issue with wireshark ?
> >
> > Thanks,
> > Ran
> >
> > On Mon, Sep 25, 2017 at 12:30 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> >> Hi,
> >>
> >> This was captured at 192.168.1.100, yes?
> >> What do you see when capturing at the originator interface (192.168.1.110)?
> >>
> >> Thanks,
> >> Jaap
> >>
> >>
> >>> On 25 Sep 2017, at 09:38, Ran Shalit <ranshalit@xxxxxxxxx> wrote:
> >>>
> >>> Hello,
> >>>
> >>> I would appreciate it if someone can assist in analyzing icmp request/reply :
> >>>
> >>> https://drive.google.com/file/d/0B22GsWueReZTZ0hfU2dRdE9rR2s/view?usp=sharing
> >>>
> >>> I ping from pc to another machine, and in wireshark it looks perfect
> >>> without error, yet I always get "request time out".
> >>> I tried a lrager timeout (-w paramater), and ping from different
> >>> machine, firewall disable, but I always get request time out in the
> >>> PC.
> >>>
> >>> Thank you for any suggestion,
> >>> Ran
> >>
> >> ___________________________________________________________________________
> >> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> >> Archives:    https://www.wireshark.org/lists/wireshark-users
> >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe