Wireshark Feature Added: Connecting ICMP Errors

It’s really just a small thing, but very practical for me: In Wireshark, a feature request I submitted has been implemented. Now, when you click on an ICMP error, the corresponding (original) packet is highlighted.

Previously, clicking on a packet belonging to a flow would show all related packets, including any ICMP errors. However, if you selected an ICMP error packet itself, nothing happened. If you had many ICMP errors from different sessions, you had to go through the cumbersome process of figuring out which sessions they actually belonged to.

Now, you can simply scroll through the packet list as usual and immediately see whether related packets are present — and if so, which ones. Very handy.

The following screenshot shows the same PCAP twice, with packet number 21 selected: an ICMP TTL exceeded caused by a previously issued traceroute. On the left-hand side, with Wireshark version 4.4.8, nothing happens, while on the right-hand side, with Wireshark version 4.5.0rc0, a line points to the packet that led to this ICMP error, namely packet number 5, the start of the traceroute.
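An ICMP error quotes the IP header and the first payload bytes of the datagram that triggered it, which is what makes it possible to tie an error back to its original packet. The following added example (not from the original post and not Wireshark's code) links ICMP errors to earlier TCP/UDP packets in a constructed capture; the matching key, the helper names and the sample addresses are assumptions of this example.

```python
import socket
import struct

ICMP_ERRORS = {3, 4, 5, 11, 12}  # unreachable, source quench, redirect, time exceeded, parameter problem

def ipv4(src, dst, proto, ident, ttl, payload):
    """Build a minimal IPv4 packet (checksum left at 0 for this constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    """Build a UDP header (checksum 0) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def icmp_error(icmp_type, code, original):
    """ICMP error: 8-byte header, then the quoted IP header + first 8 payload bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:28]

def flow_key(pkt):
    """(src, dst, proto, IP ID, sport, dport) for TCP/UDP over IPv4, else None."""
    if len(pkt) < 20:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] not in (6, 17) or len(pkt) < ihl + 4:
        return None
    ident = struct.unpack("!H", pkt[4:6])[0]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (pkt[12:16], pkt[16:20], pkt[9], ident, sport, dport)

def link_icmp_errors(packets):
    """Map the index of each ICMP error to the index of the earlier packet it quotes."""
    seen, links = {}, {}
    for i, pkt in enumerate(packets):
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[9] == 1 and pkt[ihl] in ICMP_ERRORS:
            key = flow_key(pkt[ihl + 8:])      # skip the 8-byte ICMP header
            if key in seen:
                links[i] = seen[key]
        elif flow_key(pkt) is not None:
            seen.setdefault(flow_key(pkt), i)
    return links

# Constructed sample capture: two traceroute probes, unrelated DNS, two TTL-exceeded errors.
probe1 = ipv4("192.0.2.10", "198.51.100.7", 17, 0x1001, 1, udp(40000, 33434, b"x" * 12))
probe2 = ipv4("192.0.2.10", "198.51.100.7", 17, 0x1002, 2, udp(40000, 33435, b"x" * 12))
dns = ipv4("192.0.2.10", "203.0.113.53", 17, 0x2000, 64, udp(53000, 53, b"q"))
SAMPLE = [probe1, probe2, dns,
          ipv4("192.0.2.1", "192.0.2.10", 1, 0x0001, 64, icmp_error(11, 0, probe1)),
          ipv4("203.0.113.1", "192.0.2.10", 1, 0x0002, 63, icmp_error(11, 0, probe2))]

if __name__ == "__main__":
    print(link_icmp_errors(SAMPLE))
```

An error whose quoted packet is not in the capture simply gets no link, which is the case an analyst has to resolve by hand.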

My thanks go to the Wireshark developers — in this case, especially Eugène Adell — for tackling a not-so-relevant issue which required some major changes. For me, being a coding noob, this would have been far beyond my capabilities. Many thanks!

Again, this proves that you can contribute to Wireshark even if you don’t have any coding skills, like me.

Soli Deo Gloria!

Photo by Anika Huizinga on Unsplash.
