Timeline for ARP request is successful, but TCP SYN is not visible in output of Wireshark
Current License: CC BY-SA 4.0
11 events
when toggle format | what | by | license | comment | |
---|---|---|---|---|---|
May 22 at 17:04 | comment | added | Cpt.Whale |
@user94749 yes, tcpdump [-i eth0] -w mycap.pcap will generate a file you can open in wireshark directly for example
|
|
May 22 at 4:33 | comment | added | Spiff | What does the route table of the client show? | |
May 22 at 4:32 | comment | added | Spiff | The IPv4LL subnet is not supposed to be manually configured. Use any RFC 1918 private subnet instead. If you DO have to manually configure something on that subnet, use 0 or 255 in the third octet, because those values are reserved and shouldn't conflict with self-assigned addresses, which use 1-254 in the third octet. | |
May 22 at 4:01 | comment | added | Tom Yan |
Please add the output of iptables-save (from the client). Btw, I assume you do see the ARP reply from the server (VM) in the wireshark capture?
|
|
May 21 at 23:03 | history | edited | user94749 | CC BY-SA 4.0 |
Modify the format of the post, information was neither added nor removed.
|
May 21 at 22:53 | comment | added | user94749 | Thank you for your comment! I added the missing information to the post. Regarding your second comment, do you suggest to try eg. tcpdump instead of Wireshark? Or do you suggest another tool for this purpose? | |
May 21 at 22:49 | history | edited | user94749 | CC BY-SA 4.0 |
Add info about the ARP table of the client and the IP address of the server.
|
May 21 at 21:57 | comment | added | Cpt.Whale | You might also try capturing from either of the debian machines instead - wireshark can be awkward about capturing on a bridged interface, especially for traffic not addressed to the host | |
May 21 at 21:54 | comment | added | Cpt.Whale | Does the client create an actual arp entry or a route for 169.254? The 169.254/16 prefix SHOULD NOT be configured manually (RFC 3927), there are mechanisms to auto-configure it, including adding the required on-link routes. Is there a reason to use it over a private address space like 172.16.0.0/16? | |
S May 21 at 21:08 | review | First questions | |||
May 21 at 21:30 | |||||
S May 21 at 21:08 | history | asked | user94749 | CC BY-SA 4.0 |