Reputation: 166
tcpdump always filters my packets
I've been using tcpdump for about a month now, and recently, it has stopped capturing any packets that were not sent to or from the computer running tcpdump. I've stripped down my command to just:
sudo tcpdump -i en2
I've checked my interfaces with ifconfig, and en2 is in "PROMISC" mode. When specifying a specific host as a filter, I only see a few "arp" messages but nothing compared to what is actually going on in the network.
Any ideas why this would be happening? Much appreciated if anyone can offer some advice!
Richard
ps, sorry for the re-post, i wanted to register this time! (new to s.o.)
Upvotes: 0
Views: 404
Answers (1)
Reputation: 8449
Do you know what network equipment is used \ if there has been a change recently?
One possible explanation is that your computer is connected to a switch (and not a hub) the switch sends to your adapter only traffic intended to your MAC address, and broad casts (hence the ARP)
one way to check this is to send broad casts from other computers in the network (just use ping 255.255.255.255) and see if you can see anything.
Upvotes: 1
Related Questions
- How to resolve tcpdump dropped packets?
- tcpdump / wireshark capturing problems
- Capture incoming traffic in tcpdump
- Trying to understand packets captured with tcpdump
- tcpdump throws PKTAP error
- Why doesn't tcpdump catch packet after specifying ip?
- tcpdump returns 0 packets captured, received and dropped
- tcpdump inside a shell script captures nothing
- tcpdump slowed down by... its own filter?
- problem in capturing tcp packet properly