After physically pulling the line and reconnecting it again, pcap (I am programming it in C) produces packets which are most likely not really there and misses out on all "normal" traffic which is going on. I have two nodes on the network which continue talking pure Ethernet frames and are 100% undisturbed by me pulling the cable from the sniffer node - after I reconnect, their traffic is no longer seen by pcap. I am using plain vanilla pcap_loop() without any filter or timeout. The pcap_loop() doesn't terminate when I do this. Does the handle to the interface (pcap_t descriptor) become invalid when there is no physical connection? Does anyone know how pcap reacts to a disconnected interface?
What are you using to connect the machines - if it is a switch (smart or dumb) why would you expect the data without ARP poisoning? The switch is dropping your connection - unless of course you have a 'real' router – Adrian Cornish Sep 08 '15 at 23:25
No switch. As far as I understand the boards have two physical units per interface, so only cables. These are ARM embedded systems (although the phenomenon stays the same on my amd64 test system). – Vroomfondel Sep 08 '15 at 23:34