Re: missing ARP reply

From: Patrick Mahan <plmahan_at_gmail.com>
Date: Tue, 12 Nov 2024 20:54:04 UTC
On Tue, Nov 12, 2024 at 8:35 AM Gary Aitken <freebsd@dreamchaser.org> wrote:

> On 11/11/24 21:36, Gary Aitken wrote:
> > I'm having trouble with my solar inverter connecting to its home
> > base somewhere in Germany and am suspecting a problem with a missing
> > ARP reply.
> ...
> > xxx.yyy is the inverter on the local network xxx.zzz is the fbsd
> > gateway/router on the local network
> >
> > #tcpdump -flnt -i fxp0 | grep 192.168.xxx.yyy ARP, Request who-has
> > 192.168.xxx.zzz (aa:bb:cc:dd:ee:ff) tell 192.168.xxx.yyy, length 46
> > IP 192.168.xxx.yyy.3337 > 147.185.237.1.22222: Flags [.], seq
> > 26043:26065, ack 708198036, win 2144, length 22 IP
> > 147.185.237.1.22222 > 192.168.xxx.yyy.3337: Flags [P.], seq 1:23, ack
> > 22, win 18410, length 22 IP 192.168.xxx.yyy.3337 >
> > 147.185.237.1.22222: Flags [.], ack 23, win 2144, length 0
> >
> > I'm guessing the 3 packets exchanged are a power optimizer reporting
> > in, but may be the inverter doing something.
> >
> > The arp table on xxx.zzz has a permanent entry for itself on the
> > interface, picked up from /etc/hosts:
> >
> > # arp -a ns.dreamchaser.org (192.168.xxx.zzz) at aa:bb:cc:dd:ee:ff on
> > fxp0 permanent [ethernet]
> >
> > Thoughts on why I am not seeing a reply to the ARP request?
>
> My error; tcpdump does not print the destination host address in the ARP
> reply, so grep didn't catch it.  duh.  Should have been
>
>    tcpdump -flnt -i fxp0 | grep ARP
> or
>    tcpdump -flnt -i fxp0 | grep aa:bb:cc:dd:ee:ff
>
>
Also, tcpdump -e will print the ethernet header of the packet.  Also, if
you want to watch for only ARP requests then the filter 'arp' will limit
the output to only ARP packets, e.g. - tcpdump -i fxp0 -eflnt arp will give
you just the ARP traffic.

Patrick