Hello , Can a frame TCP [SYN ACK] captured (without errors) by wireshark on my eth0, finally, not leave physically, on the network? (remained blocked by the Ethernet card, right before the sending) Thks Thomas asked 19 Feb '15, 06:45  ThomasAdminL... |
2 Answers:
In theory, yes, it could. There could be a blocking situation below the capture interface, towards the hardware. Somewhere in the driver, or in the network hardware itself there could be a problem or a bug causing this frame not to appear on the physical layer. How likely this is is depending on the maturity of the silicon and/or software driving the hardware. answered 19 Feb '15, 08:17  Jaap ♦ |
If the packet was supposedly sent by your machine, yes, that could happen. Few, if any Ethernet interfaces receive their own transmissions (I don't know of any that do), so transmitted packets are "captured" by the software delivering a copy of the packet to the packet capture mechanism. The packet might be handed to the Ethernet adapter but it might, for example, not be able to transmit it (much more likely if it's half-duplex than if it's full-duplex on a switched Ethernet). answered 19 Feb '15, 19:41  Guy Harris ♦♦ |
