This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

icmp replies come back but the switch says the target is unreachable…

0

have you ever seen this ? From a switch (on the same VLAN etc), I send ping to a target server. The ICMP reply comes back (I can see it in the wireshark trace file). Unfortunately in the CLI of the switch, this is like it gets no Echo reply !! And of course I take the PCAP on the switch itself, so I'm sure the Echo reply gets back to the switch.

Have tried everything : - change the target IP address of the server - change the network adapater of the target server - change the port on which the server is connected

I only have this problem with this particular server. All other servers work perfectly in the same network environment.

The switch is a Cisco Nexus switch.

any idea ?

asked 17 Oct '16, 03:47

thierryn's gravatar image

thierryn
219912
accept rate: 0%

The idea would be that you can see the response packet in the capture but the switch does not recognize it as a response to its particular echo request due to mismatch of some field.

Can you publish the trace file?

(17 Oct '16, 04:30) sindy

Yes sure, but how can I upload a tracefile ? (sorry for this stupid question but I do not see any file upload possibility).

(17 Oct '16, 04:33) thierryn

I do not see any file upload possibility

Correct, there is none. You have to upload your file to Cloudshark or to any plain file publishing service (Dropbox, Google Drive, Microsoft Onedrive, ...) and edit your question with a login-free link to it.

(17 Oct '16, 04:35) sindy
(17 Oct '16, 04:40) thierryn

One Answer:

1

Well, the IP and ICMP contents of the Ethernet frames is fine, but look at the MAC addresses. The echo request from IP address 192.168.26.1 is sent with source MAC address 00:46:36:80:fc:04 (vendor unknown although bit 6 of the MAC address indicates that it is globally unique), but the echo response to the same IP, 192.168.26.1, has 4c:00:82:a1:c0:83 as destination MAC address (some Cisco box). So the responding server's ARP table maps 192.168.26.1 to 4c:00:82:a1:c0:83, which means that the switch which has sent the request never gets the response.

Have a look at your IP address assignments and MAC addresses of different pieces of your equipment. Maybe there is a static record in that particular server's ARP table?

answered 17 Oct '16, 05:02

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

ohhh, stupid am I. Was only focused on the ICMP part. Thanks !!

(17 Oct '16, 05:08) thierryn