Not able to see ARP response in wireshark
Hi,
I am trying to understand how ARP works. I'm running a CentOS 7 as a guest VM(Virtual Box) on a Windows 10 host.
The guest configuration network is set to "bridged adapter" and the VirtualBox Host-Only Network is set to IP:192.168.56.1 mask: 255.255.255.0
Wireless LAN adapter Wi-Fi:
IPv4 Address. . . . . . . . . . . : 192.168.0.107
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
I am pinging the CentOS VM from host(Ping is working fine). I captured the network packets on wireshark on the host.
Ideally, I should see an ARP response directly from CentOS VM(192.168.0.177) to the host(192.168.0.107) since both are in the same network.
In my case, I see no response from CentOS VM(192.168.0.177) to the host(192.168.0.107). I am still able to ping.
Is there any setting I need to change in order to see the reply from CentOS?
Thanks in advance
Comments
Do you see the ARP request? If not it is very likely that the entry is already cached by the host.
Helpful commands are:
arp -a show entries in the ARP cache on Windows and Linux
arp -an My preferred method to display the ARP cache on Linux (numeric results)
arp -d to delete entries from the ARP cache
Good luck Eddi
I see the ARP request from my host(192.168.0.107) to CentOS(192.168.0.177).
I can see another ARP request from my gateway(192.168.0.1) to CentOS(192.168.0.177).
ARP response is from my host to gateway - 192.168.0.177 is at 10-02-B5-BE-C4-13(mac address of my host)
But there is no ARP response, yet I am able to ping from windows:
C:\WINDOWS\system32>ping 192.168.0.177
Pinging 192.168.0.177 with 32 bytes of data:
Reply from 192.168.0.177: bytes=32 time<1ms TTL=64
Reply from 192.168.0.177: bytes=32 time<1ms TTL=64
Reply from 192.168.0.177: bytes=32 time=1ms TTL=64
Reply from 192.168.0.177: bytes=32 time<1ms TTL=64
The ARP entries are displayed correctly.
Thank you