From owner-freebsd-net  Mon Aug  6  6:36: 3 2001
Delivered-To: freebsd-net@freebsd.org
Received: from finch-post-12.mail.demon.net (finch-post-12.mail.demon.net [194.217.242.41])
	by hub.freebsd.org (Postfix) with ESMTP id B6A0037B41F
	for <freebsd-net@freebsd.org>; Mon,  6 Aug 2001 06:35:40 -0700 (PDT)
	(envelope-from henry@techiebod.com)
Received: from [62.49.229.110] (helo=gw1.techiebod.com)
	by finch-post-12.mail.demon.net with esmtp (Exim 2.12 #1)
	id 15TkXj-0009Yl-0C
	for freebsd-net@freebsd.org; Mon, 6 Aug 2001 13:35:39 +0000
Received: by gw1.techiebod.com (zmail, from userid 1000)
	id D6BDE3E9BBE; Mon,  6 Aug 2001 14:35:38 +0100 (BST)
Received: from localhost (localhost [127.0.0.1])
	by gw1.techiebod.com (zmail) with ESMTP id D43C13E5E32
	for <freebsd-net@freebsd.org>; Mon,  6 Aug 2001 14:35:38 +0100 (BST)
Date: Mon, 6 Aug 2001 14:35:38 +0100 (BST)
From: Henry Whincup <henry@techiebod.com>
X-X-Sender:  <henry@localhost>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: BPF does not pick up loopback activity
Message-ID: <20010806140314.O37365-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Take the following example:
# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        ether 00:90:27:94:84:34
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
# tcpdump -ni fxp0 &
# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.059 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.057 ms
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.057/0.058/0.059/0.001 ms
# ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=3.134 ms
14:33:23.291728 arp who-has 192.168.2.2 tell 192.168.2.1
14:33:23.293210 arp reply 192.168.2.2 is-at 0:d0:ba:a:91:c0
14:33:23.293227 192.168.2.1 > 192.168.2.2: icmp: echo request
14:33:23.294782 192.168.2.2 > 192.168.2.1: icmp: echo reply
64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=1.408 ms
14:33:24.297997 192.168.2.1 > 192.168.2.2: icmp: echo request
14:33:24.299352 192.168.2.2 > 192.168.2.1: icmp: echo reply
^C
--- 192.168.2.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.408/2.271/3.134/0.863 ms
#

Note that the packets sent to the local IP address are not picked up by
tcpdump.  This can be tried with any traffic type, I have just used ping
as an example.

Is this the correct/desired behaviour?  If it is, is there any other way
to capture these packets?

Thanks

Henry



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message