Re: Capturing packets when no IP address is assigned to the capturing interface

To: tech-net%netbsd.org@localhost
Subject: Re: Capturing packets when no IP address is assigned to the capturing interface
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Mon, 7 Jun 2021 04:46:48 -0000 (UTC)

jmitchel%bigjar.com@localhost (Jason Mitchell) writes:

>Hello,

> Â Â Â  The recent discussion about bridges reminded me of a potentially 
>similar issue. Running tcpdump against an interface that doesn't have an 
>IP address won't capture any packets.

I don't think that's true.

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wm0, link-type EN10MB (Ethernet), capture size 262144 bytes
....
[ifconfig wm0 up in another window, not assigning an address]
06:40:55.017529 IP 10.28.5.68.59276 > 255.255.255.255.10001: UDP, length 158
06:40:55.018716 IP6 fe80::822a:a8ff:fe93:3591.60648 > ff02::1.10001: UDP, length 158
...
8 packets captured
8 packets received by filter
0 packets dropped by kernel

>Assigning any IP address causes 
>tcpdump to see packets, even a LL address. Additionally, you can remove 
>the address from the interface and tcpdump will still receive packets. 
>Any idea why this happens?

Assigning an IP address implies enabling it ('up').
Removing an IP address does not disable it.

References:
- Capturing packets when no IP address is assigned to the capturing interface
  - From: Jason Mitchell

Prev by Date: Capturing packets when no IP address is assigned to the capturing interface
Next by Date: Re: Capturing packets when no IP address is assigned to the capturing interface
Previous by Thread: Capturing packets when no IP address is assigned to the capturing interface
Next by Thread: Re: Capturing packets when no IP address is assigned to the capturing interface
Indexes:

Home | Main Index | Thread Index | Old Index