This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ICMP ping error

0

Hai,

On testing ping replay for my embedded hardware(LPC2378(MAC) + KSZ8091(PHY) ) from my pc ,I am receiving the Ping replies in wireshark with no errors, but my application on PC side(CMD terminal) is showing time out. Also wire shark is marking the response packet as reply for the request.What would be the reason for that?? I compared the response with a ping response from another PC all the fields seems to be ok .. Please add your comments.

Thanks Sreekanth MK

asked 29 Feb '16, 04:54

gladiator's gravatar image

gladiator
6224
accept rate: 0%

Do you capture using Wireshark on the same PC from which you send the ping requests? Does the capture show that the destination MAC address of the reply is the MAC of the PC? Does the PC have more than one network card (wired or wireless)?

(29 Feb '16, 05:51) sindy

Yes I captured on the same pc that I send ping request. Please see the attached images. left side shows the ping request from pc to hardware and right side shows the response. No, PC has only one wired connection.

PC IP :10.0.0.12 Hardware IP : 10.0.0.30

alt text

alt text

alt text

(29 Feb '16, 06:20) gladiator

please see the attached images

(29 Feb '16, 06:21) gladiator

One Answer:

1

OK, so the reply is completely fine except one thing, which is the IP checksum. Can you permit IP checksum evaluation and check whether it is correct for both the ping replies from your embedded device and the ping replies from the other PC? Normally, IP (or TCP, or UDP) checksums may be shown as wrong for packets sent by the machine on which you capture if the packet processing is offloaded from the OS network stack to the network card hardware. For received packets, Wireshark should mark the checksum as incorrect only if it really is.

So if the icmp replies from the other PC have correct checksums while the icmp replies from your embedded devices have them wrong, we have the answer.

If not, the next step would be to disable Windows firewall (or any 3pty firewall software) on the PC from which you ping and try again.

answered 29 Feb '16, 06:30

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Hai,

Thank you for pointing that. Yes that was due to IP header checksum error. I thought that was not necessary as wireshark is showing checksum verification disabled. So added the checksum calculation for IP header, now it is working. :) :) :) . Thanks allot for the help.

Regards Sreekanth MK

(29 Feb '16, 20:39) gladiator

@gladiator, bear in mind that in the packet dissection tree, you can find two types of information: one that has been part of the frame/packet as it has been captured on the wire, and another one derived from the former by the dissector in order to make your own analysis easier. The latter falls into two categories, inter-packet relationship (like in which frame you can find a request for the response in the current frame, or vice versa, allowing you to filter packets on properties other than "physical" packet fields' values) and "expert info", informing you about conclusions which can be (almost) automatically made based on the captured data contents or about some settings. Expert info provides you with hints allowing you to speed up your own packet analysis.

In particular, the IP checksum verification disabled is such an expert info added by Wireshark, notifying you that you've switched checksum verification off in protocol preferences. It is not a value of any real field of the IP packet which would be telling the receiving side that it should ignore the IP checksum.

(01 Mar '16, 03:17) sindy