Wireshark-bugs: [Wireshark-bugs] [Bug 5770] Add conversation tracking to ICMP.
Date: Wed, 23 Mar 2011 10:24:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5770

--- Comment #20 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2011-03-23 10:24:01 PDT ---
(In reply to comment #17)
> I just learned something new about icmp packets, at least from a FreeBSD Unix
> box.  The first part of the payload is a tv32 timestamp:
> 
> struct tv32 {
>         int32_t tv32_sec;
>         int32_t tv32_usec;
> };

Funny, I learned pretty much the same thing with Windows & Linux while
tinkering with the timestamps.  And that's why even when the seq #'s wrap
around again the packets don't match because the payload isn't exactly the
same.

> And if you specify the payload to be too small (-s parameter to ping), then it
> no longer tracks response time!

Hmm, for me it does.  I uploaded another capture file with some 1-byte ping
payloads that still works for me using the latest patch here.  Maybe there is
some other reason why they're not being tracked?  Could you post a capture file
where the tracking doesn't work?

> Not sure if this would be useful to show in
> Wireshark, but here is a link to the source code (look for the pinger
> function);
> 
> http://svn.freebsd.org/viewvc/base/head/sbin/ping/ping.c?view=markup

If there's enough bytes in the payload, I guess it could be displayed.  Does
every OS's ping do this?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.