[wellylug] How do I create a "quiet" or "raw" ethernet interface for WireShark?
David Antliff
david.antliff at gmail.com
Mon Jul 11 14:07:20 NZST 2011
Hello,
I'm attempting to use WireShark (and a few other tools like PackETH)
to create a simple "poor man's" ethernet tester. I want to generate
arbitrary ethernet frames (not IP packets) on an ethernet port, with
complete control over the ethernet header, CRC, etc. There seem to be
plenty of tools for constructing such packets, and sending them.
I am using a USB-to-Ethernet adapter (Edimax EU-4207). This device
seems to be fully detected by Linux, which is good:
[1478963.769937] usb 2-1.4: new high speed USB device using ehci_hcd
and address 5
[1478964.722240] asix 2-1.4:1.0: eth1: register 'asix' at
usb-0000:00:1d.0-1.4, ASIX AX88772 USB 2.0 Ethernet, 00:50:b6:4e:f8:f3
[1478964.746371] eth1: link down
I have another Linux machine with a second ethernet port, so I thought
I'd start by trying to send packets from one to the other. This seems
to work fine, packets are sent and received, but there's a problem.
It seems that WireShark cannot 'see' a port unless I use ifconfig to
configure it with an IP address. But once I do this, Linux starts
sending ARP broadcasts, Samba packets, dropbox packets, all sorts over
this interface. This is very noisy. I reduced this considerably by
removing all routes for this interface at both ends, and using
"ifconfig eth1 -arp" as well, but I still see a few packets now and
again. Enough to invalidate the tests I want to run anyway as I'm
going to be counting received packets within an FPGA, so I need strict
control over what goes on the line.
My questions are therefore:
- how can I completely 'silence' an ethernet port in Linux?
- Is it necessary to configure an ethernet port with an IP address
for WireShark to use it?
- Is there some sort of 'half-configured' state I can put the port
into (some sort of 'raw' port) that will allow me to have complete and
exclusive control of the interface?
I'd like to reiterate that I do not need IP on this, just the ability
to send and receive arbitrary ethernet frames.
Thanks,
-- David.
More information about the wellylug
mailing list