Hello i am implementing icmp on my device and made a ping to it for test. On the windows console, i got replies to all my requests. However, Wireshark sais the Ping requests 4 and 7 do not match (Echo (ping) request ... etc ... no response found). I could not find anything wrong on my frames, what's more in the ICMP of the frame, Wireshark even created a link to the corresponding frame (Reply/Request). The device is connected directly to my network kard. This seems contradictory to me. Is this a bug in Wireshark or am i overlooking something? I tried to prepare a .pcapng for you but then realized that on opening that file, "no response found" has dissappeared. So here is the link to the capture, it's a txt you can load it with wireshark. On ping request 4 (frame number 9) and 7 (frame number 15) it said (no response found) in the "Info" column. asked 03 Aug '15, 05:23 MOd24 |
One Answer:
So do I understand you correctly: during capture Wireshark said "no response found", but after reopening the file everything was fine? If so it looks like the "runtime" processing of frames cannot match all ping requests to replies. As long as the loading does I wouldn't complain - I guess there is a technical reason for this, usually that there is only single pass processing during capture. BTW, please post PCAPng or PCAP files; hex dumps are not useful at all, and nobody here will spent much time on decoding it or converting it back to a useful format. Which may lead to you not getting any answer at all because it's too annoying. answered 03 Aug '15, 05:32 Jasper ♦♦ |
Yes, that is exactly what i mean. Thanks for the reply. I was able to open the .txt file in Wireshark just fine. I manually removed all frames after the ping since they do not matter (therefore the txt). I just made a screenshot of Wireshark to clarify before i read your comment.
Anyway, i think it is just like you said, and only appearing on live capture, so problem solved.
https://www.dropbox.com/s/e717fhps12xroa8/ping.png?dl=0
On the image, the issue appears on frame no. 3
only appearing on live capture, so problem solved.
That looks like a bug to me. I'd recommend filing a bug report. I wrote the original ICMP request/response tracking (See Bug 5770), and later Ronnie Sahlberg made some changes (See commit 16936274786ce9b22821b4ee33b876ac5ce1fef1).
If you file a bug report, please include the screen capture and also CC Ronnie.
@MOd24 right, I just tried, Wireshark can open that kind of file - didn't know that, so I've got my check mark for having something new learned today... :-)
@cmaynard, how do i CC Ronnie?
It would appear you (or someone else) already CC'd him on the bug report.