4
I have Wireshark started, then I ping
an IP address.
But Wireshark is not picking up any packet sending to or receiving (echoing) from the destination address.
Why? Is ping
"protected" from being sniffed?
4
I have Wireshark started, then I ping
an IP address.
But Wireshark is not picking up any packet sending to or receiving (echoing) from the destination address.
Why? Is ping
"protected" from being sniffed?
3
Make sure you aren't filtering the results
- ensure wireshark is capturing and displaying everything not just IP or TCP (ICMP is a different protocol
- Ensure you are looking at the correct network interface
how can we check if we are filtering anything like ipv4 or ICMP (with the display filter being cleared)? – Stack Player – 2014-04-07T21:02:56.473
0
I've bumped into the same problem and what worked for me was filtering the IP address using:
arp.dst.proto_ipv4 == {My.Dst.IP.Address}
instead of:
ip.addr == {My.Dst.IP.Address}
and then I could see the ARP messages even though I couldn't see the IP messages.
3You probably just started Wireshark on the wrong network interface. – user1686 – 2012-03-01T13:09:21.020
6It's not. Wireshark sniffs ICMP. You're doing something wrong, but we cannot guess if you give no details. – m0skit0 – 2012-03-01T13:28:19.293
1If you have started Wireshark on all network interfaces and this is Windows, then AFAIK you won't be able to capture any traffic (incl. pings) on loopback interface (127.0.0.1/8) due to the way Windows network stack works. – whitequark – 2012-03-01T16:05:06.327