This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Question about ICMP packet between ISP gateway and client PC

0

Hi All, I am a Wireshark beginner. I am trying to troubleshoot my home network problem. I ping the gateway, bypassing my router, and get back the ICMP response. But I don't know why there are some ICMP responses which are from other destinations instead of the gateway. Is it possible for this to make an impact on my router (LAN network)? I sort the packet capture by protocol.

my ip 119.246.66.11
my gateway ip 119.246.64.1

asked 26 Sep '17, 08:52

bennylam1113

edited 26 Sep '17, 09:13


One Answer:

0

I assume your IP is 119.246.66.11, so it's telling other IP addresses that some ports they try to access on your IP aren't available (the black packets). If you look inside the black packets you'll find quoted packets at the bottom of each packet, telling you what the packet causing the "Port unreachable" message was.

BTW: in general, it makes no sense to sort the packet list by protocol, because it makes it very hard to see the context of the conversation. I recommend filtering on IP pairs instead if you want to limit what you're showing.

answered 26 Sep '17, 09:00

Jasper ♦♦

Hi Jasper,

Thanks first. But I want to know, is it a normal situation? I am trying to find the reason why my network is unstable: ISP problem or my router problem. This is the capture when I connect to the router and ping the gateway.

(26 Sep '17, 09:20) bennylam1113

Sorry, had to convert your answer to a comment, which messes up the image scaling (and I can't remember the trick to resize it)...

You seem to have some packet loss when it comes to ping packets. Ping isn't that reliable unfortunately, so it's only a small indicator of a problem. You'd need to capture problematic TCP connections and determine packet loss for those if you want something more solid. You can determine packet loss by looking (filtering) for TCP analysis symptoms, e.g. Duplicate ACKs, Retransmissions and lost segments.

(26 Sep '17, 09:40) Jasper ♦♦

Hi, I uploaded my packet capture at https://www.sendspace.com/file/00bplf I will buy books to learn more about Wireshark.

In my ASUS router, the issue starts at:
Sep 27 23:58:46 WAN Connection: Ethernet link up.
Sep 27 23:58:46 rc_service: wanduck 390:notify_rc restart_wan_if 0
Sep 27 23:58:48 wan: mac clone: [wan0_hwaddr] == [44:8a:5b:29:d4:05]

I took this router to my office and to my friend's home to check; it is functional and has no problem. However, my friend did not capture any packets. I am so upset. I don't know how to root cause the case. Thank you everyone for sharing the analysis experience.

(27 Sep '17, 09:13) bennylam1113
1

@jasper

To fix an overlarge image I replace the link with an <img src="image_URL" width="640" />

(27 Sep '17, 09:16) grahamb ♦
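
The answer above points out that each "Port unreachable" message quotes the packet that triggered it. As an added example (not part of the original thread), this Python sketch decodes that quote from raw ICMP bytes to show which remote host was trying which port. The sample message is constructed: the remote address 203.0.113.50 and the port numbers are assumptions, and its checksums are left at zero.

```python
import socket
import struct

def parse_icmp_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message and the packet it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for an ICMP header plus a quoted IPv4 header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]                    # RFC 792: original IP header + >= 8 data bytes
    if quoted[0] >> 4 != 4:
        raise ValueError("quoted packet is not IPv4")
    ihl = (quoted[0] & 0x0F) * 4         # quoted header length, IP options included
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header is truncated")
    proto = quoted[9]
    result = {
        "code": code,
        "port_unreachable": code == 3,   # the "black packets" in the capture
        "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "orig_src": socket.inet_ntoa(quoted[12:16]),   # who sent the offending packet
        "orig_dst": socket.inet_ntoa(quoted[16:20]),   # the host that rejected it
        "sport": None,
        "dport": None,
    }
    l4 = quoted[ihl:ihl + 4]             # TCP and UDP both start with src/dst port
    if proto in (6, 17) and len(l4) == 4:
        result["sport"], result["dport"] = struct.unpack("!HH", l4)
    return result

def build_sample() -> bytes:
    """Constructed sample: UDP from 203.0.113.50 to 119.246.66.11, rejected port 33434."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("203.0.113.50"),
                     socket.inet_aton("119.246.66.11"))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)   # type 3, code 3, checksum left 0
    return icmp_hdr + ip + udp

if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```

Here `orig_src` is the remote host whose packet was rejected and `dport` is the closed port on the local machine, which is the same information Wireshark shows at the bottom of each Port unreachable packet.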