I've got a case where I'm certain there are packets on the wire, but I'm not able to pick them up in wireshark/tshark (or from tcpdump and dumpcap either for that matter).
The setup: a device (that is currently under development -- I'm the developer) appears to be flooding the network with some kind of packet, but the device itself appears to be off line i.e. `ip addr` reports no address for the interface and indicates that its 'state' is down. The packet flood is enough to DOS the rest of my LAN (unless I segregate or isolate it) and the flood stops when I disconnect the device from the LAN. The evidence: * the local switch shows flashing activity lights on the port the device is connected to. * I've inserted a sharktap device in-line between the device and the switch -- activity lights flash on all ports there as well. The problem: * I can't sniff these packets. I have command line/console access on the device itself, but running tcpdump there doesn't show the packet flood. I presume this is because the ethernet driver is not reporting anything back to the kernel because it thinks it's down. I have a laptop, running the latest wireshark, connected to the tap port on the sharktap, but it's not showing me the flood either (it IS running in promiscuous mode and DOES show me other packets that might be on the wire). For what it's worth, I've even connected the device directly to the laptop w/o the switch or tap and I see the same thing: nothing. How can I determine what's on the network? It's very clear that there ARE packets on the network based on the activity lights and the resulting DOS from the flood. _______________________________________________________ Alan Partis thundernet development group ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
