This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can you plot ping packets successfully sent/received on IO graphs?

1

Hi all.

I'm currently doing an experiment using Mininet in which I've set up an OpenFlow SDN and I'm attempting to DDoS it using Hping3. I issue the Hping3 command and then kill it which overloads the network and then I send a ping between two other hosts within the network and my plan is to try and gauge how long it takes for the network to become fully functional again by seeing how long it takes for the ping packets to be successfully sent without interruption or heavy delays.

All of the above is fine but in the IO function all I've been able to show is packets per second between the host and destination devices, whereas as I'm trying to show how network connectivity is affected I'd ideally like to show either ping packets successfully sent by the source host or received by the destination host. Can this be achieved using the IO graph function?

Hopefully the above makes sense and thanks for any advice that can be given.

asked 30 Mar '17, 14:55

NSE17's gravatar image

NSE17
21115
accept rate: 0%


2 Answers:

2

If you're looking for successful ICMP echo replies, then you might want to plot things a bit differently. For example:

Name                       Display filter       Color Style
ICMP requests              icmp.type eq 8       Blue  Dot
ICMP Successful Responses  icmp.resp_to         Green Impulse

You might even want to specifically plot ICMP request packets for which no response was found, e.g.:

ICMP No Response           icmp.resp_not_found  Red   Line

answered 31 Mar '17, 09:11

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Oh, that's useful! I didn't know about resp_to and resp_not_found. Thanks :-)

(31 Mar '17, 10:07) cepheidlight

1

I would define a filter "icmp.type == 8" on the graph, something like this screen capture shows: https://notalwaysthenetwork.files.wordpress.com/2014/04/screen-shot-2014-04-08-at-10-51-25-pm.png

answered 30 Mar '17, 23:42

cepheidlight's gravatar image

cepheidlight
26227
accept rate: 0%

Thanks for the response, that is basically exactly what I'd like to show in my graph. However, despite getting a steady flow of pings successfully sending my IO graph looks like this - http://tinypic.com/r/3a1bb/9

What could be going wrong?

I should say, this is the result of a normal ping test between two hosts within the network, as opposed to one that's been done while the network is overloaded.

(31 Mar '17, 06:23) NSE17

Problem solved - I had capture set to the wrong interface. Working as expected now. Thanks for the help!

(31 Mar '17, 08:46) NSE17

nice that it works!

(31 Mar '17, 09:02) cepheidlight