On Thu, Feb 15, 2001 at 12:28:47AM -0800, Guy Harris wrote:
> On Thu, Feb 15, 2001 at 10:20:18AM +0200, Sandor.Hojtsy@xxxxxxxxx wrote:
> > Is it possible with ethereal to catch IP packets sent by a machine to
> > it's own IP address?
>
> It depends on the OS, and it depends on how the OS handles that. For
> example, on my home machine, running FreeBSD 3.4, if I ping my own IP
> address - not 127.0.0.1, but one of the IP addresses for its Ethernet
> card - the traffic shows up on the loopback device, *not* on the network
> device, so I see them if I capture on "lo0", but not if I capture on
> "fxp0".
>
> They show up as loopback packets, *not* Ethernet packets, in the capture
> (not surprising, as I'm capturing on the loopback device).
> Nevertheless, they have the IP address in question, not 127.0.0.1, in
> the IP header.
>
> I may try that on my Debian 2.2, Solaris 7, and NT 4.0 partitions to see
> what happens there.
Debian 2.2 (2.2[.x] kernel):
just as on FreeBSD, the traffic shows up on the loopback device
("lo"), with the IP addresses being the one I used, not
127.0.0.1. It doesn't show up on "eth0".
Solaris 7:
the traffic doesn't show up on the Ethernet device; you can't
capture on the loopback device on Solaris.
NT 4.0:
the traffic doesn't show up on the Ethernet device; there isn't
a loopback device on which to capture.
Note that you will see the exact same behavior with other packet capture
programs on UNIX systems, such as tcpdump and snoop - Ethereal just uses
libpcap, which uses the native capture mechanism.