This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture/Verify Ping Requests/Replies On Both Ends Of Radio Link?


IP Camera setup with a server and one cam at location A and four additional cams at location B with the two locations joined via a radio link that is, AFAIK, effectively a half-mile-long Ethernet cable. viz: http://tinyurl.com/mkfmvcx

Every once in a while, three of the cams at location B become unavailable to the server at location A. Pinging shows groups of replies interspersed with Timeouts and Unreachables. viz: http://tinyurl.com/ouqrd95

We have a PC at the remote location B and Wireshark is installed on that PC and on the camera server PC at location A.

IP addr of Location A cam server is 10.0.0.33. IP addr of problem cam at Location B is 10.0.0.145.

Next time this happens, I would like to start up a Ping -t and see if the requests are getting from Location A to Location B at the moments of Timeouts and Unreachables.

Hopefully this will tell me something about whether the problem is in the radio link (which it probably is, since rebooting the radios makes the problem go away) or maybe in some combination of link/camera/something else that I cannot imagine.

So, The Question:

How do I configure Wireshark on each end to do this?

I think I have it for the server end (Location A, where the Pings are coming from):

  • Fire up Wireshark

  • Let it run for a while

  • Quit and save a .cap file

  • Open said .cap file and apply the filter (ip.src == 10.0.0.33 && ip.dst==10.0.0.145) or (ip.src==10.0.0.145 && ip.dst==10.0.0.33)

But what to do at the other end (Location B)? The strategy just mentioned does not seem to work. Specifically, I cannot find any line items with Protocol=ICMP. ICMPv6, yes, but no plain old ICMP - which all the Requests/Replies are in the .cap at Location A.

FWIW: 64-bit Wireshark at Location A, 32-bit Wireshark at location B.

Also, it seems like I would have to determine what the unique ID for packets is so that, once I figure out the filter for Location B, I can check to see if a specific packet made it from Location A to Location B.

Does any of this make sense?

asked 04 Jan '15, 13:37


PeteCress

edited 04 Jan '15, 14:53


One Answer:


At location B, you have Wireshark installed on a troubleshooting PC, but you're pinging the cameras. Everything is connected to a switch, so pings addressed to the camera at 10.0.0.145 are only going to go out the switch port that 10.0.0.145 is connected to. The ping packets will not be sent out the switch port that your Wireshark machine is connected to. See this Wiki page for a discussion of capturing on an Ethernet switched network. The simplest solution is to see if your switch is capable of doing port mirroring. If so, set up port mirroring so that one of the camera ports is mirrored to the port where your Wireshark machine is connected and then ping that camera. You could also try pinging the troubleshooting PC directly, just to see if pings are making it across the wireless link.

You can simplify your filter to ip.addr==10.0.0.33 && ip.addr==10.0.0.145.

answered 04 Jan '15, 16:23


Jim Aragon

Thanks for the clear explanation.

(04 Jan '15, 16:41) PeteCress
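
The question's last point, checking whether a specific ping made it from Location A to Location B, can be done by matching each ICMP echo request on its identifier and sequence number (icmp.ident and icmp.seq in Wireshark), which are the same in both captures. The following is an added example, not part of the original question or answer: it compares two captures on that key and lists the requests that never reached the far end. It assumes both captures are saved in classic pcap format with an Ethernet link type and no VLAN tags; make_pcap and the sample sequence numbers are constructed for illustration.

```python
import socket
import struct

def echo_requests(pcap: bytes, src: str, dst: str) -> set:
    """Return {(icmp_id, icmp_seq)} for ICMP echo requests src -> dst in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    found, off = set(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 frames only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4                             # IP header length
        if ip[9] != 1 or len(ip) < ihl + 8:                  # protocol 1 = ICMP
            continue
        if socket.inet_ntoa(ip[12:16]) != src or socket.inet_ntoa(ip[16:20]) != dst:
            continue
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", ip[ihl:ihl + 8])
        if icmp_type == 8:                                   # type 8 = echo request
            found.add((ident, seq))
    return found

def lost_between(pcap_a: bytes, pcap_b: bytes, src: str, dst: str) -> list:
    """Echo requests seen at capture point A but never seen at capture point B."""
    return sorted(echo_requests(pcap_a, src, dst) - echo_requests(pcap_b, src, dst))

def make_pcap(seqs, src="10.0.0.33", dst="10.0.0.145", ident=1) -> bytes:
    """Build a constructed capture of echo requests (checksums left as zero)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq in seqs:
        icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + icmp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    site_a = make_pcap([10, 11, 12, 13, 14])   # constructed: requests leaving location A
    site_b = make_pcap([10, 11, 14])           # constructed: requests arriving at location B
    print(lost_between(site_a, site_b, "10.0.0.33", "10.0.0.145"))
```

Running the same comparison on echo replies (ICMP type 0, with source and destination swapped) shows whether the loss is on the return path instead.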