Ubuntu中文论坛

发表于： **2007-12-19 17:03**

root@ubuntu:~# tcpdump arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:05:44.761428 arp who-has 192.168.0.117 tell 192.168.0.126
17:05:45.010871 arp who-has 192.168.0.112 tell 192.168.0.3
17:05:47.605129 arp who-has 192.168.0.107 tell 192.168.0.126
17:05:48.241335 arp who-has 192.168.0.112 tell 192.168.0.3
17:05:58.347161 arp who-has 192.168.0.140 tell 192.168.0.108
17:05:59.630598 arp who-has 192.168.0.58 tell 192.168.0.82
17:06:01.648521 arp who-has 192.168.0.109 tell 192.168.0.3
17:06:06.428834 arp who-has 192.168.0.59 tell 192.168.0.3
17:06:12.351738 arp who-has 192.168.0.10 tell 192.168.0.124

9 packets captured
18 packets received by filter
0 packets dropped by kernel
root@ubuntu:~#

发表于： **2007-12-20 14:22**

14:25:34.443496 arp who-has 10.10.7.235 tell 10.10.7.1
14:25:34.444183 arp who-has 10.10.7.73 tell 10.10.7.1
14:25:34.444319 arp reply 10.10.7.73 is-at 00:11:5b:81:29:78 (oui Unknown)

发表于： **2007-12-20 16:28**

怪了，我这里只能显示自己机器reply别的机器。

发表于： **2007-12-21 10:35**

在我自己的网络中REPLY包也是非常少的.根据ARP协议原理.使用广播包来发送请求,使用单播包来回应,如果象我的网络环境,你就只能抓到发送到你交换机口的回复包,混杂模式只能抓到与你共享介质的数据.所以你会看到请求包很多而回复包超级少

TOP:
交换机---->集线器---->PC

发表于： **2011-06-09 16:00**

tcpdump arp or rarp
只选择了arp当然就只能看到query的包了

Ubuntu中文论坛

tcpdump arp只能抓到请求包，不能抓到应答包是怎么回事呀？

tcpdump arp只能抓到请求包，不能抓到应答包是怎么回事呀？

Re: tcpdump arp只能抓到请求包，不能抓到应答包是怎么回事呀？