4
I have Wireshark started, then I ping an IP address.
But Wireshark is not picking up any packet sending to or receiving (echoing) from the destination address.
Why? Is ping "protected" from being sniffed?
KMC
Posted 2012-03-01T13:03:31.317
Reputation: 1 537
3
Make sure you aren't filtering the results
- ensure wireshark is capturing and displaying everything not just IP or TCP (ICMP is a different protocol
- Ensure you are looking at the correct network interface
uSlackr
Posted 2012-03-01T13:03:31.317
Reputation: 8 755
how can we check if we are filtering anything like ipv4 or ICMP (with the display filter being cleared)? – Stack Player – 2014-04-07T21:02:56.473
0
I've bumped into the same problem and what worked for me was filtering the IP address using:
arp.dst.proto_ipv4 == {My.Dst.IP.Address}
instead of:
ip.addr == {My.Dst.IP.Address}
and then I could see the ARP messages even though I couldn't see the IP messages.
yeho s
Posted 2012-03-01T13:03:31.317
Reputation: 1
3You probably just started Wireshark on the wrong network interface. – user1686 – 2012-03-01T13:09:21.020
6It's not. Wireshark sniffs ICMP. You're doing something wrong, but we cannot guess if you give no details. – m0skit0 – 2012-03-01T13:28:19.293
1If you have started Wireshark on all network interfaces and this is Windows, then AFAIK you won't be able to capture any traffic (incl. pings) on loopback interface (127.0.0.1/8) due to the way Windows network stack works. – whitequark – 2012-03-01T16:05:06.327