Home / ubuntu / Questions / 321511
In Process
Ellouze Anis
Asked: 2013-07-19 05:21:00 +0800 CST

problem in wireshark with logical interface

  • 772

I add two logical interfaces to test with the following command : 

# set link on physical Device Up
sudo ip link set up dev eth0

# create logical Interfaces
sudo ip link add link eth0 dev meth0 address 00:00:8F:00:00:02 type macvlan
sudo ip link add link meth0 dev meth1 address 00:00:8F:00:00:03 type macvlan

# order IP Addresses and Link
sudo ip addr add 192.168.56.5/26 dev meth0
sudo ip addr add 192.168.56.6/26 dev meth1
sudo ip link set up dev meth0
sudo ip link set up dev meth1


meth0     Link encap:Ethernet  HWaddr 00:00:8f:00:00:02  
          inet addr:192.168.56.5  Bcast:0.0.0.0  Mask:255.255.255.192
          inet6 addr: fe80::200:8fff:fe00:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35749 errors:0 dropped:47 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3830628 (3.8 MB)  TX bytes:15278 (15.2 KB)

meth1     Link encap:Ethernet  HWaddr 00:00:8f:00:00:03  
          inet addr:192.168.56.6  Bcast:0.0.0.0  Mask:255.255.255.192
          inet6 addr: fe80::200:8fff:fe00:3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35749 errors:0 dropped:47 overruns:0 frame:0
          TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3830628 (3.8 MB)  TX bytes:14942 (14.9 KB)

I run "wireshark" to test traffic between meth0 and meth1 ,

so I execute ping 192.168.56.6 to generate icmp traffic. But details of this traffic doesn't appear in wireshark.

Is there a problem in wireshark with logical interface?

wireshark

1 Answers

  1. Is there a problem in wireshark with logical interface?

    Probably not. You'll probably see the same problem with tcpdump, netsniff-ng, or anything else that uses PF_PACKET sockets for sniffing on Linux (Linux in general, not just Ubuntu in particular, or even Ubuntu, Debian, and other Debian-derived distributions).

    Given that those are two logical interfaces on the same machine, traffic between them will not go onto the Ethernet - no Ethernet adapters I know of will receive packets that they transmit, so if the packet were sent on the Ethernet the host wouldn't see it, and there wouldn't be any point in wasting network bandwidth by putting that traffic on the network even if the Ethernet adapter would see its own traffic.

    So if you're capturing on eth0, you might not see the traffic. Try capturing on lo instead.

    • 1