Beginner: Display Filter to Detect Ping
Wireshark 3.2.3, iMac 2017, MacOS 10.12.4
I'm trying to figure out why the "LAN Control" on a Yeelight "smart lightbulb" stopped working. You can control the bulb by sending UDP messages at port 55443. This was working fine for me for a while and then stopped. A friend suggested using Wireshark to check network traffic. I've found it to be a steep learning curve.
When I use a filter with the IP address of the device (ip==192.168.0.200), Wireshark detects no traffic at all even when I send a formerly working message via UDP. OK, something wrong.
But even when I ping the device Wireshark shows nothing at that IP address:
MyMachine:~ mnewman$ ping -c 3 192.168.0.200
PING 192.168.0.200 (192.168.0.200): 56 data bytes
64 bytes from 192.168.0.200: icmp_seq=0 ttl=255 time=133.614 ms
64 bytes from 192.168.0.200: icmp_seq=1 ttl=255 time=3.227 ms
64 bytes from 192.168.0.200: icmp_seq=2 ttl=255 time=4.719 ms
--- 192.168.0.200 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.227/47.187/133.614/61.116 ms
What am I doing wrong?
Was your filter set to (ip==192.168.0.200) or (ip.addr==192.168.0.200)?
Are you capturing traffic on the correct interface? You may want to temporarily remove the capture filter to be sure you're capturing any traffic at all. You may also want to try capturing with another tool, such as tcpdump, to see if your results are any different.
Filter was (ip==192.168.0.200). What should I use to detect pings sent to that IP address?
Which interface should I use? I have both Ethernet and WiFi enabled (en0 and en1). If I ping from a terminal session, which interface does it use?
Comparing a protocol (ip) to an IP address returns no results but is legal syntax.
Well, I don't really understand networking at all. Pretty tough when you have to learn so many new terms and concepts to just diagnose a single problem. But, I appreciate the explanation and the help.
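Added illustration, not part of the thread and not Wireshark's own code: the Python sketch below parses constructed Ethernet/IPv4 frames and applies the same field tests as the display filters `ip.addr == 192.168.0.200`, `icmp` and `udp.port == 55443` (the port named in the question). The host address 192.168.0.10, the MAC addresses and the payloads are made up for the example.

```python
import socket, struct

HOST, BULB = "192.168.0.10", "192.168.0.200"   # HOST is a constructed address

def ipv4_frame(src, dst, proto, payload):
    """Build a constructed Ethernet + IPv4 frame (checksum left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01\x08\x00" + ip + payload

def parse(frame):
    """Return the fields the filters test, or None if the frame is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
    l4 = frame[14 + ihl:]                      # ICMP or UDP header starts here
    pkt = {"src": socket.inet_ntoa(frame[26:30]),
           "dst": socket.inet_ntoa(frame[30:34]), "proto": frame[23]}
    if pkt["proto"] == 1 and l4:
        pkt["icmp_type"] = l4[0]               # 8 = echo request, 0 = echo reply
    if pkt["proto"] == 17 and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    return pkt

def ip_addr(pkt, addr):                        # ip.addr == addr
    return pkt is not None and addr in (pkt["src"], pkt["dst"])

def is_icmp(pkt):                              # icmp
    return pkt is not None and pkt["proto"] == 1

def udp_port(pkt, port):                       # udp.port == port
    return pkt is not None and port in (pkt.get("sport"), pkt.get("dport"))

FRAMES = [                                     # constructed sample traffic
    ipv4_frame(HOST, BULB, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 0)),   # ping out
    ipv4_frame(BULB, HOST, 1, struct.pack("!BBHHH", 0, 0, 0, 1, 0)),   # ping back
    ipv4_frame(HOST, BULB, 17, struct.pack("!HHHH", 50000, 55443, 8, 0)),
    ipv4_frame(HOST, "192.168.0.1", 17, struct.pack("!HHHH", 50001, 53, 8, 0)),
]

def matching(frames, pred):
    """Indexes of the frames that a filter predicate accepts."""
    return [i for i, f in enumerate(frames) if pred(parse(f))]

if __name__ == "__main__":
    print(matching(FRAMES, lambda p: ip_addr(p, BULB)))
    print(matching(FRAMES, lambda p: ip_addr(p, BULB) and is_icmp(p)))
    print(matching(FRAMES, lambda p: udp_port(p, 55443)))
```

The first test matches traffic in both directions because it checks the source and the destination address, which is why the ping request and its reply both appear.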