This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Ping test with high MS

0

I have a porblem with my network. Whenever i ping from my computer to my router i get a 500 ms response time every minute or so. I uploaded the capture here: https://www.cloudshark.org/captures/8d99cc1d17e5

What could be wrong? My other PC has no such problem and when i use my external WLAN adapter and use my wifi the ping still spikes once a minute.

asked 30 Jun '16, 05:23

Alexxjr's gravatar image

Alexxjr
6113
accept rate: 0%

One Answer:

2

It appears that each time the pings are (very) slow your computer had (just prior to the ping request) broadcast an SSDP M-SEARCH. It appears to take the router about 2 seconds to process and reply to this message and during that time it isn't replying to the ICMP.

This pattern wasn't too hard to find:

  1. Use a filter of icmp.resptime > 10
  2. Select the first ICMP reply you see
  3. Clear the filter and look what happened between (and a little before) the ICMP request and reply
  4. Repeat for several other instances of the slow replies to see if the same thing happens each time

Here's an example:

No.     Time           Source                Destination           Protocol Length Info
    999 151.233509     192.168.0.12          239.255.255.250       SSDP     136    M-SEARCH * HTTP/1.1 
   1000 151.327558     192.168.0.12          192.168.0.1           ICMP     74     Echo (ping) request  id=0x0001, seq=1984/49159, ttl=128 (reply in 1017)
   1001 151.872915     192.168.0.12          40.113.87.220         TCP      66     50801 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
   1002 151.872915     192.168.0.12          40.113.87.220         TCP      66     50800 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1
   1003 152.010902     192.168.0.12          192.168.0.255         UDP      305    54915 → 54915  Len=263
   1004 152.928330     173.112.255.173 192.168.0.12          TLSv1    107    Application Data
   1005 152.978607     192.168.0.12          173.112.255.173 TCP      54     50599 → 443 [ACK] Seq=1 Ack=319 Win=259 Len=0
   1006 153.013169     192.168.0.12          192.168.0.255         UDP      305    54915 → 54915  Len=263
   1007 153.234173     192.168.0.1           192.168.0.12          SSDP     284    HTTP/1.1 200 OK 
   1008 153.234270     192.168.0.1           192.168.0.12          SSDP     300    HTTP/1.1 200 OK 
   1009 153.234448     192.168.0.1           192.168.0.12          SSDP     296    HTTP/1.1 200 OK 
   1010 153.234532     192.168.0.1           192.168.0.12          SSDP     276    HTTP/1.1 200 OK 
   1011 153.234688     192.168.0.1           192.168.0.12          SSDP     356    HTTP/1.1 200 OK 
   1012 153.234806     192.168.0.1           192.168.0.12          SSDP     320    HTTP/1.1 200 OK 
   1013 153.234881     192.168.0.1           192.168.0.12          SSDP     350    HTTP/1.1 200 OK 
   1014 153.235066     192.168.0.1           192.168.0.12          SSDP     348    HTTP/1.1 200 OK 
   1015 153.235141     192.168.0.1           192.168.0.12          SSDP     352    HTTP/1.1 200 OK 
   1016 153.235325     192.168.0.1           192.168.0.12          SSDP     344    HTTP/1.1 200 OK 
   1017 153.239442     192.168.0.1           192.168.0.12          ICMP     74     Echo (ping) reply    id=0x0001, seq=1984/49159, ttl=64 (request in 1000)

I can't say why that's happening (is the router really handling ICMPs at the same level as SSDP?) but it appears to be the cause.

answered 01 Jul '16, 06:42

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 01 Jul '16, 06:43

grahamb's gravatar image

grahamb ♦
19.8k330206

Reinstalled my operating system and the problem dissappeared. Thanks for the analysis

(01 Jul '16, 09:15) Alexxjr