Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Script/Macro to set time reference?

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 6 Oct 2008 14:09:30 -0700

On Sep 29, 2008, at 10:28 AM, Jake Peavy wrote:

I would like to collect IGMP information using Wireshark. I'm trying to find occasions where the client does not respond to the General Query in the allocated time.

To do so I'd like to have Wireshark set each query (igmp.type == 0x11) as a time reference. Is there a way to do this?

Not really...

...and that's probably not the right way to handle this, anyway.

It sounds as if you'd want to implement a service response time statistic for ICMP, which means doing request/response matching - doing request/response matching would also mean that a reply packet could have the frame number of the matching request displayed in it, as well as the service response time, and, in Wireshark, the request packet could have the frame number of the matching reply displayed in it.

Then you could, for example, have a filter that looked for all IGMP replies with a service response time > some specified value - as well as having taps to display SRT statistics for IGMP.

I'm not sure what the best dissector to use for an example of SRT statistics would be, but the Radius dissector might be a good start. (I'd say "the DNS dissector", but it doesn't have any SRT statistics. Arguably it should....)