Wireshark · Wireshark-users: [Wireshark-users] finding a missing ICMP Echo Reply

Wireshark-users: [Wireshark-users] finding a missing ICMP Echo Reply

From: Stuart Kendrick <skendric@xxxxxxxxx>

Date: Fri, 05 Oct 2012 08:00:14 -0700

I have a trace tracking one station pinging another, across multipledays: 32,371 frames


10.1.2.3    10.1.2.4    ICMP    Echo (ping) request
10.1.2.4    10.1.2.3    ICMP    Echo (ping) reply
10.1.2.3    10.1.2.4    ICMP    Echo (ping) request
10.1.2.4    10.1.2.3    ICMP    Echo (ping) reply
[...]

Somewhere in there is one missing ICMP Echo Reply

I want to find precisely where (when) this occurs.

Can you think of a Wireshark way to accomplish this?

[If not, then I'll write a little code to walk through a text version ofthe trace, looking for two back-to-back 'Echo (ping) request' lines ...but I'm hoping for something slightly faster.]


--sk

Follow-Ups:
- Re: [Wireshark-users] finding a missing ICMP Echo Reply
  - From: Martin Isaksson

Prev by Date: Re: [Wireshark-users] how to specify an ip subnet except several ip addresses with tshark filter(wireshark display filter)
Next by Date: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Previous by thread: Re: [Wireshark-users] how to specify an ip subnet except several ip addresses with tshark filter(wireshark display filter)
Next by thread: Re: [Wireshark-users] finding a missing ICMP Echo Reply
Index(es):
- Date
- Thread