Why am I not seeing ARP requests from my own machine in wireshark?
5,363
ARP traffic uses MAC addresses (Layer 2), not IP addresses (Layer 3), so your filter should be filtering out all ARP traffic. Change your filter from ip.src == MY_IP to arp or arp.src.hw_mac == MY_MAC and you should see the ARP packets.
Related videos on Youtube
10 : 38
Learn Wireshark in 10 minutes - Wireshark Tutorial for Beginners
07 : 47
When do you need the ARP protocol? -Wireshark
06 : 08
Address Resolution Protocol (ARP) analysis Using WireShark
08 : 47
Analyzing ARP Requests and Responses using Wireshark
01 : 26
Why am I not seeing ARP requests from my own machine in wireshark?
Author by
user1028270
Updated on September 18, 2022Comments
-
user1028270 over 1 year
I am using Windows 7. I open up Wireshark and start a live capture with the filter:
ip.src == THIS.IS.MY.IPI then go to a command line and do an
arp -d *and ping a bunch of stuff.I see my ICMP traffic and other traffic in Wireshark, but no ARP traffic. Why is this?
I should mention with out the filter I do see ARP traffic coming from other machines on the network, just not my own.
-
user1028270 over 9 yearsThis works, looks like I was "lying" about not seeing any arp traffic from my machine with the filter off- I was sorting the traffic by destination and looking for my IP not my MAC.
-
user1686 over 9 yearsTo clarify, even though ARP requests do contain IP addresses, they're in different fields – not in the (nonexistent) IP header, but inside the ARP request itself. So you'd need
arp.src.somethingto filter by IP.
