I'm pinging my local desktop from a server (Solarwinds Log & Event Manager Virtual Appliance) and when I type "ICMP" into the display filter nothing shows up. However, when I do a "ip.host == 10.96.4.130" in the display filter I start seeing syn + rst/ack packets.
Can anyone tell me why these aren't showing up as regular ICMP packets? When I get a colleague to ping my machine they show up ok, as ICMP, so I don't think it's a setting on my local host. Server Address = 10.96.4.130 PC Address = 10.96.47.6 Capture taken from PC. asked 03 Dec '12, 02:39  m0wax edited 03 Dec '12, 02:41 |
One Answer:
Looks like the server ping uses TCP SYN "scans" against the echo service instead of regular pings, but I can't say why. How did you ping from the server? Is it from command line, or an integrated server feature? Try using the ping command from the command line; these should show up as ICMP messages. answered 03 Dec '12, 03:01  Jasper ♦♦ |
@m0wax: Did you choose a monitoring method called echoping in the Solarwinds appliance? If so, the appliance is most certainly using the echoping tool and you get what you see.