hi guys, i have probably a not very intelligent question but i'm new to wireshark and playing with it right now to get some basic experience with it. i have to hosts A and B with wireshark enabled on both ends. i'm doing so really basic stuff like i ping host B from host A to get and idea of how this tool works. what i did i enabled Windows Firewall on host B so i can now see that 4 echo / ICMP requests are send but i'm wondering if wireshark will tell me why ? i mean i know it's not getting any response because ICMP requests are blocked on host B but the wireshark log is not telling me this is just see : no response seeen Expert info (Warn/sequence): no reponse seen to ICMP request in frame x once again sorry if this is stupid but i would to know. or will wireshark show me that something is not working but WHY it's not working i will have to find it different way ? thank you very much Adam asked 31 Dec '14, 06:00  adasko |
One Answer:
Nope, Wireshark can only report on what happens (or doesn't happen) in the case of a missing ICMP ping reply. Literally anything could have happened ranging from from the request not leaving the host machine to the responses being eaten by a flying spaghetti monster. Wireshark gives valuable insight into the packets that are captured and can infer some things if expected things don't happen, but the why is down to you. answered 31 Dec '14, 06:19  grahamb ♦ edited 31 Dec '14, 08:17  Kurt Knochner ♦ |
@grahamb this makes sense to me. thank you for clearing my doubts !
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.