tcpdump mailing list archives

Re: No ARP traffic


From: Guy Harris <guy () netapp com>
Date: Mon, 28 Apr 2003 01:10:13 -0700

On Sun, Apr 27, 2003 at 06:39:49PM +0200, Gisle Vanem wrote:
> When pinging my router (10.0.0.1) from Win-XP, I cannot see the
> ARP request and response in tcpdump (running in another window
> on the same machine). I'm sure the ARP cache is empty (I did an
> 'arp -d 10.0.0.1') before running ping 10.0.0.1.

When pinging my router from Windows 2000, I *can* see the ARP request
and response in Ethereal running on the same machine; WinDump would
presumably have shown it as well.

I'm using WinPcap 2.3, so this might be a WinPcap issue, or it might be
an NT 5.0 vs. NT 5.1 issue.

However:

> tcpdump shows only IP:
>
> windump -nvet ip or arp
> windump.exe: listening on \Device\NPF_{93380695-0E31-456C-9EB0-8802E111C09D}
> 00:01:80:0c:70:b2 00:00:c5:92:36:c4 0800 74: (tos 0x0, ttl 64, length: 60) 10.0.0.6 > 10.0.0.1: icmp 40: echo request seq 6912
> 00:00:c5:92:36:c4 00:01:80:0c:70:b2 0800 74: (tos 0x0, ttl 255, length: 60) 10.0.0.1 > 10.0.0.6: icmp 40: echo reply seq 6912

I also didn't use any capture filter, although if you're using Ethernet,
I wouldn't expect that to be an issue.  (I'm not sure I'd expect it to
be an issue for ARP if it's not an issue for IP, however....)

I'll look at loading 3.0 final and see if it works.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html