tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Capturing packets when no IP address is assigned to the capturing interface
jmitchel%bigjar.com@localhost (Jason Mitchell) writes:
>Hello,
> Â Â Â The recent discussion about bridges reminded me of a potentially
>similar issue. Running tcpdump against an interface that doesn't have an
>IP address won't capture any packets.
I don't think that's true.
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wm0, link-type EN10MB (Ethernet), capture size 262144 bytes
....
[ifconfig wm0 up in another window, not assigning an address]
06:40:55.017529 IP 10.28.5.68.59276 > 255.255.255.255.10001: UDP, length 158
06:40:55.018716 IP6 fe80::822a:a8ff:fe93:3591.60648 > ff02::1.10001: UDP, length 158
...
8 packets captured
8 packets received by filter
0 packets dropped by kernel
>Assigning any IP address causes
>tcpdump to see packets, even a LL address. Additionally, you can remove
>the address from the interface and tcpdump will still receive packets.
>Any idea why this happens?
Assigning an IP address implies enabling it ('up').
Removing an IP address does not disable it.
Home |
Main Index |
Thread Index |
Old Index