tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Missing IPv6 ICMPv6 Neighbor Solicitation with

From: Paul Sheer <paulsheer () gmail com>
Date: Thu, 23 Feb 2012 15:26:19 -0600
There is a need.

Actually I found the answer to this, as below.

Would anyone consider adding this support to libpcap: i.e. a new
member within pcap_opt ?


Under Linux you have to explicitly enable support for "all multicast" packets.
libpcap does not have an option for this, but it can be done as follows by using
the ethernet file descriptor:

older kernels:

                ...
                ifr.ifr_flags |= IFF_ALLMULTI;
                ioctl(handle->fd, SIOCSIFFLAGS, &ifr) ...

new kernels

                mr.mr_type    = PACKET_MR_ALLMULTI;
                setsockopt(sock_fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr ...


I assume the reason one has to do this is because multicast support
happens within the driver (and IPv6's intention to make use of such existing
hardware support for its neighbor disc). *shrug*

-paul



On Thu, Feb 23, 2012 at 12:32 PM, Aaron Turner <synfinatic () gmail com> wrote:

On Thu, Feb 23, 2012 at 10:20 AM, Paul Sheer <paulsheer () gmail com> wrote:

Hi there,

With promiscuous mode turned off, libpcap successfully captures
ARP requests (since they are sent to hw address ff:ff:ff:ff:ff:ff).....

However I would expect the same behavior with IPv6 ICMPv6
Neighbor Solicitation requests. These requests have the
destination HW address of 33:33:xx:xx:xx:xx (a multicast
address). I.e. I would not have thought that it be necessary
to use promiscuous mode to see the Neighbor Solicitations.


Is an IPv6 address configured on that interface?  If not, there
wouldn't be a need to listen to Neighbor Solicitations.

--
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: