This is a static archive of our old Q&A Site. Please post any new questions and answers at

Can i filter ICMP PING for requests that never received a Reply?


I have a large capture with thousands of PINGS. I know at one time i saw Request timed out on the node i was monitoring, indicating it never received a reply for those PINGS. Can i use a Wireshark filter to find the Requests that never received a Reply?

asked 11 Dec '12, 13:20

philliplew's gravatar image

accept rate: 0%

One Answer:


You can try using "not icmp.resp_in and icmp.type==8" which will give you all icmp requests where wireshark doesn't have the according response inside the capture file

answered 11 Dec '12, 13:26

Landi's gravatar image

accept rate: 28%

This worked great thank you. My only issue was i was Port Mirroring on my Switch 2 ports (source server and gateway) so i had two instances of each packet, 1 from each Switch port.

This meant Wireshark found 1 instance of every packet without a matching reply.

Luckily there were few enough packets after applying the above filter that i could manually go down the list and find the occurrences where there were 2.

Thanks again.

(11 Dec '12, 13:55) philliplew

(based on sequence number BE)

(11 Dec '12, 13:56) philliplew

You could use editcap -d to remove duplicate packets before analyzing them. editcap is a command line tool that can be found in the wireshark installation directory.

(11 Dec '12, 13:58) Jasper ♦♦

Thank you very much¡ I was searching in a 201998 packets file and found out 313 w/o answer¡ All of this in 5 minutes thank you¡¡

(09 Mar '15, 07:36) paristiz