Capturing packets when no IP address is assigned to the capturing interface

To: tech-net%netbsd.org@localhost
Subject: Capturing packets when no IP address is assigned to the capturing interface
From: Jason Mitchell <jmitchel%bigjar.com@localhost>
Date: Sun, 6 Jun 2021 23:43:13 -0400

Hello,

The recent discussion about bridges reminded me of a potentiallysimilar issue. Running tcpdump against an interface that doesn't have anIP address won't capture any packets. Assigning any IP address causestcpdump to see packets, even a LL address. Additionally, you can removethe address from the interface and tcpdump will still receive packets.Any idea why this happens?

I'm thinking it might be related to the problem with setting up abridge with a tap interface and a physical interface that doesn't havean address. It appears that no packets flow across the bridge until youassign an IP address to the physical interface, even if it's a LLaddress. And tcpdump seems to be subject to the same restriction. I'mattaching the output of the commands below.


Thanks for reading!

Jason M.


root@ODROIDC2-NUK:/# tcpdump -i axe0 -n
dropped privs to _tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on axe0, link-type EN10MB (Ethernet), capture size 262144 bytes

<I assigned 169.254.169.253 to axe0 in another window>

16:50:05.486764 ARP, Request who-has 169.254.169.253 tell169.254.169.253, length 2816:50:05.487527 IP6 :: > ff02::1:ff9a:b105: HBH ICMP6, multicastlistener reportmax resp delay: 0 addr: ff02::1:ff9a:b105, length 24

....

^C
38 packets captured
38 packets received by filter
0 packets dropped by kernel
root@ODROIDC2-NUK:/# ifconfig axe0 169.254.169.253 -alias
root@ODROIDC2-NUK:/# ifconfig axe0
axe0: flags=0x8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        ec_capabilities=1<VLAN_MTU>
        ec_enabled=0
        address: 00:90:9e:9a:b1:05
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::290:9eff:fe9a:b105%axe0/64 flags 0x0 scopeid 0x4
root@ODROIDC2-NUK:/# tcpdump -i axe0 -n
dropped privs to _tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on axe0, link-type EN10MB (Ethernet), capture size 262144 bytes

16:51:04.309402 STP 802.1d, Config, Flags [none], bridge-id8000.54:4a:00:b8:4b:20.8002, length 4316:51:05.216064 IP6 :: > ff02::1:ff9a:b105: ICMP6, neighborsolicitation, who has fe80::290:9eff:fe9a:b105, length 3216:51:06.308299 STP 802.1d, Config, Flags [none], bridge-id8000.54:4a:00:b8:4b:20.8002, length 43


...

^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel
root@ODROIDC2-NUK:/#

Follow-Ups:
- Re: Capturing packets when no IP address is assigned to the capturing interface
  - From: Greg Troxel
- Re: Capturing packets when no IP address is assigned to the capturing interface
  - From: Michael van Elst

Prev by Date: Re: Strange Netgear GA620T
Next by Date: Re: Capturing packets when no IP address is assigned to the capturing interface
Previous by Thread: Adding a bpf peers_present function and "peers added/gone" callback
Next by Thread: Re: Capturing packets when no IP address is assigned to the capturing interface
Indexes:

Home | Main Index | Thread Index | Old Index