This may be a very trivial question but I can't figure it out by myself. Examining a packet trace of a ping from node1 to node2, I see that in the echo/reply packets the destination MAC is not present under the "Linux cooked capture" section in Wireshark. The capture was obtained with tcpdump on Ubuntu. Why is the destination MAC address not there? How does node2 know that the packets should be received by its network interface if the packet doesn't have a destination MAC address? The ping works fine but I am struggling with the concept of source and destination MAC when I analyze the trace. Any help is appreciated. Juan.

asked 09 Sep '11, 16:00 Juan
One Answer:
answered 09 Sep '11, 16:32 SYN-bit

Thanks, that explains my problem. (12 Sep '11, 08:32) Juan
On what network device did you capture this? If it's on the "any" device, then see SYNbit's comment; given the way the "any" device works, it captures in a mode where you can't get the destination address. If it's on a particular network device (such as, for example, eth0), if that device is an Ethernet or Wi-Fi device, you should get the source and destination addresses.
In fact I was using "any" on tcpdump; after I limited the capture to a particular interface I can see the destination address. Thanks.
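To illustrate the thread above, here is an added example (not posted by any participant) that parses the 16-byte "Linux cooked capture" pseudo-header next to a normal Ethernet header. The cooked header records only one link-layer address, the sender's, so the destination MAC that was on the wire is simply not stored in the capture. The MAC addresses and frames are constructed sample values.

```python
import struct

# Packet-type codes carried in the cooked (LINKTYPE_LINUX_SLL) header.
SLL_PKTTYPE = {0: "to us (unicast)", 1: "broadcast", 2: "multicast",
               3: "other host", 4: "sent by us"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_sll(frame):
    """Parse the 16-byte cooked header written when capturing on "any"."""
    if len(frame) < 16:
        raise ValueError("truncated cooked header")
    # packet type, ARPHRD type, address length, address (padded to 8), protocol
    pkttype, arphrd, addrlen, addr, proto = struct.unpack("!HHH8sH", frame[:16])
    return {
        "direction": SLL_PKTTYPE.get(pkttype, f"unknown ({pkttype})"),
        "arphrd": arphrd,
        "src": mac(addr[:min(addrlen, 8)]),
        "dst": None,  # the format has no destination-address field
        "ethertype": proto,
    }

def parse_ethernet(frame):
    """Parse the 14-byte Ethernet header seen when capturing on e.g. eth0."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, proto = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src), "ethertype": proto}

# Constructed sample: an echo request from node1 as captured on node2.
NODE1 = bytes.fromhex("020000000001")  # constructed MAC for node1
NODE2 = bytes.fromhex("020000000002")  # constructed MAC for node2
PAYLOAD = b"\x45\x00"                  # first bytes of an IPv4 header

# Same packet, captured on a specific Ethernet interface vs. on "any".
ETH_FRAME = NODE2 + NODE1 + struct.pack("!H", 0x0800) + PAYLOAD
SLL_FRAME = struct.pack("!HHH8sH", 0, 1, 6, NODE1 + b"\x00\x00", 0x0800) + PAYLOAD

if __name__ == "__main__":
    print("eth0:", parse_ethernet(ETH_FRAME))
    print("any: ", parse_sll(SLL_FRAME))
```
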