watching outgoing ping packets via tcpdump/ethereal


I'm trying to debug an ethernet interface. I have a Linux host machine and a client machine which has the interface that is to be tested. The host and client are connected via a cross-connected ethernet cable.

I start tcpdump or ethereal on the host interface, for listening on both incoming and outgoing packets. At the same time, I ping the test machine, and expect to see the network traffic.

The problem is that I don't see any outgoing traffic on the host interface, let alone the test box's replies. Why would this happen?

Should I not expect to see at least outgoing ping traffic, even if there's no cable attached on the host interface?

I am listening and sending from the same interface. Is this a problem? In other words, does my host need to sit inbetween the traffic, rather than being the source, in order to listen to the network? I am using a linux box.

Thanks, Bahadir

Are you sure the driver/interface support promiscuous mode?

Are you sure that the interface/driver went into promiscuous mode?

Do you have proper permissions to enable promiscuous mode?

How long are you waiting for output? Perhaps it is being buffered.

Are you disabling IPaddress to name lookups to avoid issues with reaching a DNS server (since you say you are back to back)?

rick jones

Rick Jones

No. No cable means no link. No link means no traffic. Are you sure you have a cross-over cable between the two machines? Do the NICs on both machines indicate a link at the same speed/duplicity?


News 2 Me

Hi, Just an update on the situation, I can say none of the above might be the cause; I have connected my host and the testing client to a network. Host listens on the client by:

% tcpdump ether host -xx -vvv

In this setup client receives its IP via dhcp from some server on the network. The dhcp packets are caught by tcpdump on my host. I have also inserted prints on xmit and receive functions in the ethernet driver on the client, the dhcp traffic is also visible there.

At this point, the client successfully received an IP address. Now, on my host, if I ping the client with its IP address, the ping is successful, I see replies for each ping request. I can do this from the client to host also. But this ping traffic neither shows up on the client's ethernet driver nor on the tcpdump window on the host. Any ideas why ping wouldn't show up but dhcp would?

Do you have any suggestions for generating other basic network traffic than ping that would show up?

Thanks, Bahadir

