Why am I not seeing ARP requests from my own machine in wireshark?
5,363
ARP traffic uses MAC addresses (Layer 2), not IP addresses (Layer 3), so your filter should be filtering out all ARP traffic. Change your filter from ip.src == MY_IP
to arp
or arp.src.hw_mac == MY_MAC
and you should see the ARP packets.
Related videos on Youtube
Author by
user1028270
Updated on September 18, 2022Comments
-
user1028270 over 1 year
I am using Windows 7. I open up Wireshark and start a live capture with the filter:
ip.src == THIS.IS.MY.IP
I then go to a command line and do an
arp -d *
and ping a bunch of stuff.I see my ICMP traffic and other traffic in Wireshark, but no ARP traffic. Why is this?
I should mention with out the filter I do see ARP traffic coming from other machines on the network, just not my own.
-
user1028270 over 9 yearsThis works, looks like I was "lying" about not seeing any arp traffic from my machine with the filter off- I was sorting the traffic by destination and looking for my IP not my MAC.
-
user1686 over 9 yearsTo clarify, even though ARP requests do contain IP addresses, they're in different fields – not in the (nonexistent) IP header, but inside the ARP request itself. So you'd need
arp.src.something
to filter by IP.