Wireshark-users: Re: [Wireshark-users] Ping Replys without Request

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 28 Aug 2006 02:16:57 -0700
STEINECKE Michael SD-G (AREVA NP GmbH) wrote:

i've a bit strange issue in the communication between a Server and his client (a microcontroler). The controler send "Echo Reply" packets without a corresponding ICMP requests. Is there another way how this can happen then an program or firmware error? Something like an TCP packet that requests a ICMP Echo par example?

Well, to quote Ulf Lamping's reply to your previous message (you *are* subscribed to the wireshark-users list, so that you'll see replies, right?):

Is it only the ICMP packets or other packets as well that you don't see?

Make sure you that you can capture both directions of the conversation, as it could be a capture interface problem.

I.e., one possibility is that whatever hardware and software you're using to capture the traffic is seeing only one side of the traffic. Are you seeing any other non-broadcast, non-multicast traffic sent to the controller?

If you are, another possibility is that the echo request, for some reason, wasn't captured by whatever was capturing the traffic you saw - for example, it might have been dropped because too much traffic was arriving for whatever software was capturing it to store it.

Another possibility, as Ronnie Sahlberg noted, is that there's a bug in the protocol stack; there is no TCP packet that would request an echo reply - there's no packet other than an ICMP echo request that is supposed to cause an echo reply to be sent.