No ARP traffic

["Gisle Vanem" <giva () bgnett no>]

When pinging my router (10.0.0.1) from Win-XP, I cannot see the 
ARP request and response in tcpdump (running in another window
on the same machine). I'm sure the ARP cache is empty (I did an 
'arp -d 10.0.0.1') before running ping 10.0.0.1.

I was under the impression that NDIS 5 should loop all non-broadcast
generated traffic while capturing in promiscous mode. So I'd exprect 
to see the ARP reply at least.

tcpdump shows only IP:

> windump -nvet ip or arp
windump.exe: listening on \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
00:01:80:0c:70:b2 00:00:c5:92:36:c4 0800 74: (tos 0x0, ttl 64, length: 60) 10.0.0.6 > 10.0.0.1: icmp 40: echo request 
seq 6912
00:00:c5:92:36:c4 00:01:80:0c:70:b2 0800 74: (tos 0x0, ttl 255, length: 60) 10.0.0.1 > 10.0.0.6: icmp 40: echo reply 
seq 6912

I'm using the latest version from tcpdump.org (compiled it myself).
But same result with windump from polito.it. I also use WinPcap 3.0 final.

Any explanation?

--gv


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe