On Oct 3, 2006, at 3:59 AM, Phil M wrote:
> After reading through the man pages of wireshark, I haven't yet
> found whether it can give a report like this: I want to ping -t our
> Cisco 1700 over a period of, say, 12 hrs and have wireshark report
> only these ping packets and echos, what response time they have and
> if any drop out. Or can wireshark perform this very function on its
> own?

Report only those ping packets and the replies to them (I assume
that's what you mean by "and echos" - ping packets *are* echoes, i.e.
ICMP Echo and ICMP Echo Reply messages)? Yes - you'd want a capture
filter such as

    host {pinging machine} and host {your Cisco 1700} and icmp

If you want to see only echoes and echo replies between those
machines, try

    host {pinging machine} and host {your Cisco 1700} and (icmp[icmptype] == icmp-echo or icmp[icmptype] == icmp-echoreply)

(at least with modern versions of libpcap; older versions would
require you to specify the right numerical values for "icmptype",
"icmp-echo", and "icmp-echoreply").

If you want to see the response time or if any echoes didn't have a
reply, though, you'd have to modify the ICMP dissector to do
request/response matching, report the response time, and perhaps have
an "expert" to report requests without replies (or have somebody else
do so).
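
The request/response matching described in the reply above, done offline on captured packets rather than inside the ICMP dissector, as an added example (not part of the original message and not Wireshark code). It pairs each ICMP Echo with its Echo Reply by identifier and sequence number; the addresses, identifier, timestamps and the names `match_echoes` and `sample_capture` are constructed for illustration.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO = 0, 8   # numeric values of icmp-echoreply / icmp-echo

def match_echoes(packets):
    """packets: iterable of (timestamp_s, src, dst, icmp_bytes) in capture order.
    Returns (rtts, unanswered): rtts maps (id, seq) -> seconds, unanswered
    lists the (id, seq) of echo requests that never got a reply."""
    pending, rtts = {}, {}
    for ts, src, dst, data in packets:
        if len(data) < 8:               # truncated ICMP header, cannot be matched
            continue
        icmp_type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", data[:8])
        if icmp_type == ICMP_ECHO:
            pending.setdefault((src, dst, ident, seq), ts)    # keep first send time
        elif icmp_type == ICMP_ECHO_REPLY:
            sent = pending.pop((dst, src, ident, seq), None)  # reply reverses src/dst
            if sent is not None:        # duplicate or unsolicited replies are ignored
                rtts[(ident, seq)] = ts - sent
    unanswered = sorted((ident, seq) for _s, _d, ident, seq in pending)
    return rtts, unanswered

def sample_capture():
    """Constructed sample: 192.0.2.10 pings 192.0.2.1 and the seq 2 reply is lost."""
    host, router = "192.0.2.10", "192.0.2.1"
    def pkt(ts, src, dst, icmp_type, seq):
        # checksum field left as 0; it plays no part in the matching
        return ts, src, dst, struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, seq)
    return [
        pkt(0.000, host, router, ICMP_ECHO, 1),
        pkt(0.004, router, host, ICMP_ECHO_REPLY, 1),
        pkt(1.000, host, router, ICMP_ECHO, 2),        # no reply follows
        pkt(2.000, host, router, ICMP_ECHO, 3),
        pkt(2.010, router, host, ICMP_ECHO_REPLY, 3),
        pkt(2.011, router, host, ICMP_ECHO_REPLY, 3),  # duplicate reply
        (3.000, host, router, b"\x08\x00"),            # truncated packet
    ]

if __name__ == "__main__":
    rtts, unanswered = match_echoes(sample_capture())
    for (ident, seq), rtt in sorted(rtts.items()):
        print(f"id=0x{ident:04x} seq={seq} rtt={rtt * 1000:.1f} ms")
    print("no reply:", unanswered)
```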