PING is the standard IP connectivity test tool for measuring round-trip times to a destination host.
The underlying protocol uses ICMP ECHO REQUESTs and ICMP ECHO REPLYs over an IP infrastructure. The data portion of the ECHO REQUEST
can be anything. Some more recent implementations send a timestamp in the ICMP data portion to keep track of the time when the ECHO REQUEST was built.
If an IP stack provides this information, Wireshark compares the packet arrival time with the timestamp in the ICMP data and creates a field that can be used in a display filter or added as a column.
Filter to find all 'bad' PING response times
First you need to define what is considered a bad response time. In the example below, the PINGs are flowing over a HIPERSOCKET network, which is a very low latency network as it does not involve any network components. Standard latencies are expected to always be below 1 ms.
icmp.data_time_relative ge 0.001
displays all packets whose arrival timestamp is 1 ms or more away from the original ICMP data timestamp.
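As an added illustration (not part of the original page and not Wireshark's own code), the Python sketch below reproduces the calculation behind icmp.data_time_relative on constructed packets and applies the same 1 ms threshold. It assumes the sender writes a big-endian 32-bit seconds / 32-bit microseconds value in the first 8 data bytes; real stacks differ in layout and byte order, and the one-day plausibility window and all function names are assumptions of this example.

```python
import struct

SLOW_US = 1000                    # 1 ms, as in: icmp.data_time_relative ge 0.001
MAX_SKEW_US = 86_400 * 1_000_000  # plausibility window of one day (assumption)

def checksum(msg: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 for a message with a valid checksum."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, sent_us, pad=b"\x00" * 48):
    """Build a constructed echo message whose data starts with the timestamp."""
    data = struct.pack("!II", *divmod(sent_us, 1_000_000)) + pad
    csum = checksum(struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + data

def data_time_relative_us(msg: bytes, arrival_us: int):
    """Arrival time minus the data timestamp in microseconds, or None if unusable."""
    if len(msg) < 16 or msg[0] not in (0, 8) or checksum(msg) != 0:
        return None  # too short, not an echo request/reply, or corrupted
    sec, usec = struct.unpack("!II", msg[8:16])
    delta = arrival_us - (sec * 1_000_000 + usec)
    return delta if usec < 1_000_000 and abs(delta) <= MAX_SKEW_US else None

def slow_pings(capture):
    """capture: iterable of (arrival_us, icmp_bytes); returns [(seq, delta_us)]."""
    hits = []
    for arrival_us, msg in capture:
        delta = data_time_relative_us(msg, arrival_us)
        if delta is not None and delta >= SLOW_US:
            hits.append((int.from_bytes(msg[6:8], "big"), delta))
    return hits

# Constructed sample capture: (arrival time in microseconds, ICMP message bytes)
T0 = 1_700_000_000 * 1_000_000
CAPTURE = [
    (T0 + 40, build_echo(8, 0x1234, 1, T0)),                     # request, 40 us
    (T0 + 310, build_echo(0, 0x1234, 1, T0)),                    # reply, 0.31 ms
    (T0 + 1_000_020, build_echo(8, 0x1234, 2, T0 + 1_000_000)),  # request, 20 us
    (T0 + 1_002_750, build_echo(0, 0x1234, 2, T0 + 1_000_000)),  # reply, 2.75 ms
    (T0 + 2_000_000, build_echo(0, 0x1234, 3, 0)),               # no usable timestamp
]

print(slow_pings(CAPTURE))
```

Because an ECHO REPLY returns the data of the ECHO REQUEST unchanged, the value computed on a reply captured at the sending host approximates the round-trip time, which is why only the 2.75 ms reply is reported.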
Assigning colors to highlight the slow PINGs
Using Wireshark's coloring rule feature, you can assign an alarming color to the slow PINGs.
[Screenshots: coloring rules]