Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: finding a missing ICMP Echo Reply

From: Gerald Combs <gerald () wireshark org>
Date: Fri, 05 Oct 2012 09:03:22 -0700
Can you try "(icmp.type == 8) && !icmp.resp_in"? That should show any
request without a matching response.

On 10/5/12 8:35 AM, Stuart Kendrick wrote:

I'm stumbling on this.

Filtering on icmp.resp_in shows me all the Requests
Filtering on icmp.resp_to shows me all the Replies

Filtering on !icmp.resp_in shows me everything
Filtering on !icmp.resp_to shows me everything

Filtering on "!icmp.resp_in and !icmp_resp_to" shows me everything

Reading the description of these expressions ... I don't understand what
they do:

icmp_resp_in - Response In (the response to this request is in this frame)
    How can an ICMP Request and an ICMP Reply share the same frame?
icmp_resp_to = Response To (This is the response to the request in this
frame)
    How do I specify which request?

Would you elaborate?

--sk

On 10/5/2012 8:22 AM, Martin Isaksson wrote:

Hi Stuart!

!icmp.resp_in and !icmp.resp_to

There might be an easier way :)

/M




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           
mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: