tcpdump mailing list archives
No ARP traffic
From: "Gisle Vanem" <giva () bgnett no>
Date: Sun, 27 Apr 2003 18:39:49 +0200
When pinging my router (10.0.0.1) from Win-XP, I cannot see the ARP request and response in tcpdump (running in another window on the same machine). I'm sure the ARP cache is empty (I did an 'arp -d 10.0.0.1') before running ping 10.0.0.1. I was under the impression that NDIS 5 should loop all non-broadcast generated traffic while capturing in promiscuous mode. So I'd expect to see the ARP reply at least. tcpdump shows only IP:
windump -nvet ip or arp
windump.exe: listening on \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
00:01:80:0c:70:b2 00:00:c5:92:36:c4 0800 74: (tos 0x0, ttl 64, length: 60) 10.0.0.6 > 10.0.0.1: icmp 40: echo request seq 6912
00:00:c5:92:36:c4 00:01:80:0c:70:b2 0800 74: (tos 0x0, ttl 255, length: 60) 10.0.0.1 > 10.0.0.6: icmp 40: echo reply seq 6912

I'm using the latest version from tcpdump.org (compiled it myself). But same result with windump from polito.it. I also use WinPcap 3.0 final. Any explanation?

--gv
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe