Why can't Wireshark read packets from ping?
13,865
Solution 1
Make sure you aren't filtering the results
- ensure wireshark is capturing and displaying everything not just IP or TCP (ICMP is a different protocol
- Ensure you are looking at the correct network interface
Solution 2
I've bumped into the same problem and what worked for me was filtering the IP address using:
arp.dst.proto_ipv4 == {My.Dst.IP.Address}
instead of:
ip.addr == {My.Dst.IP.Address}
and then I could see the ARP messages even though I couldn't see the IP messages.
Related videos on Youtube
10 : 38
Learn Wireshark in 10 minutes - Wireshark Tutorial for Beginners
13 : 12
Wireshark | 03 | Simulate and analyse ICMP packets
07 : 41
Wireshark 101: Fixing Network Problems with Wireshark, HakTip 134
19 : 15
Analysing Ping with Wireshark
11 : 53
ICMP packets capture using Wireshark
Author by
KMC
Updated on September 18, 2022Comments
-
KMC over 1 year
I have Wireshark started, then I
pingan IP address.But Wireshark is not picking up any packet sending to or receiving (echoing) from the destination address.
Why? Is
ping"protected" from being sniffed?-
user1686 about 12 yearsYou probably just started Wireshark on the wrong network interface.
-
m0skit0 about 12 yearsIt's not. Wireshark sniffs ICMP. You're doing something wrong, but we cannot guess if you give no details. -
whitequark about 12 yearsIf you have started Wireshark on all network interfaces and this is Windows, then AFAIK you won't be able to capture any traffic (incl. pings) on loopback interface (127.0.0.1/8) due to the way Windows network stack works.
-
-
Stack Player about 10 yearshow can we check if we are filtering anything like ipv4 or ICMP (with the display filter being cleared)? -
Admin almost 2 yearsThis worked for me as well. My interface was sending out ARP requests trying to figure out how to route to the destination but wasn't receiving a reply.
