0

Here are my command when I set up the interface:

sudo ip tuntap add dev router0 mod tun
sudo ip addr add 10.0.0.138/24 dev router0
sudo ip link set dev router0 up

Here is the output of ip addr show dev router0

8: router0: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 500
    link/none 
    inet 10.0.0.138/24 scope global router0
       valid_lft forever preferred_lft forever

When I try to ping 10.0.0.138 listen on the interface using tshark via sudo tshark -i router0, nothing happens.

Here is my ping 10.0.0.138 output:

PING 10.0.0.138 (10.0.0.138) 56(84) bytes of data.
64 bytes from 10.0.0.138: icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from 10.0.0.138: icmp_seq=2 ttl=64 time=0.058 ms

Here is my sudo tshark -i router0 output:

Capturing on 'router0'

Nothing is coming through

Happy Jerry
  • 3
  • 3

1 Answers1

0

Because the ping actually doesn't reach a physical device, where tshark taps into it to listen for packets.

When you add an address to your computer, to any interface, it creates a special route in the table local (check your sudo ip route show table local). There will be some local routes. Any communication with local routes is designed to skip several layers of networking stack to enhance efficiency. Your packets should appears on the lo interface, so to see them you have to run sudo tshark -i lo.

Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
  • If I were to communicate to the IP on a different machine, would tshark or any program be able to read from the device? I am creating a program that reads from devices and need to read from that interface. tshark was just my test program. – Happy Jerry Jun 15 '22 at 12:25
  • Packets appear on the `lo` because you ping the host itself. The same will be if you ping your address you configured on e.g. Ethernet or WiFi interface. If you ping the address that is *behind* the interface, packets will appear on the interface. For your case, try pinging `10.0.0.139`; you'll see no answers, but `tshark` will still see the pings going out to `router0`. But that only seems to work once you open the back-end of `router0` in your program (otherwise the route will have a `linkdown` tag and still nothing will be sent to the device) – Nikita Kipriyanov Jun 15 '22 at 12:45
  • Thank you for your answer! So, if I were to ping on the same network, not on my machine, `tshark` would be able to read the device? How can I put the state to UP so that I can consistently read and write to to the interface – Happy Jerry Jun 15 '22 at 19:56
  • You need to actually open the device backend in your program. The OS will consider that as "establisted link". If you send packets there, it will send it to the device and they appear in your program, and at the same time you will be able to capture them using tshrak. – Nikita Kipriyanov Jun 16 '22 at 03:18
  • "You need to actually open the device backend in your program" How do I achieve this? Do I need to bind a socket to an interface. e.g., use `setsockopt` – Happy Jerry Jun 16 '22 at 03:26
  • This is far from the scope of the original question, and out of the scope of ServerFault. How to write programs you ask on StackOverflow. The tun/tap driver has a kernel API, read its documentation; for an example see sources of openvpn, tinc, openconnect, who use it. Also probably you used tun by mistake, as it doesn't create a tunnel by itself, it is the way to get packets into userspace for processing. – Nikita Kipriyanov Jun 16 '22 at 03:59