No traffic seen in Wireshark when I run arp -a
OS: W10 64 bit Command prompt ran as admin Wireshark ran as admin Wireshark versions tested: local install of 3.4.6 and portable 3.4.5
I start the wireshark capture and then proceed to run a few arp -a requests in command prompt so I can analyze the traffic in wireshark. However, when I go to wireshark the ARP protocol traffic does not appear. Using display filter arp or using the sort function to hopefully see the arp traffic at the top with no luck.
At times some arp traffic appears but not consistently. If it does appear as Arp protocol traffic then I see the MAC ID as all 0's or the MAC ID of my router. I would think that I would see arp traffic from a broadcast MAC of all f's.
Question:
Why can't I see consistent arp traffic being captured in wireshark when I run the capture and run the command arp -a? Also, why isn't the broadcast mac ID of all f's present in the capture of the arp traffic when it does inconsistently appear?
Any help will be greatly appreciated - thanks!
Do NOT run Wireshark with elevated privileges, it's not required and a potential security risk. See Wireshark Security for more info.
What interface are you capturing on?
Thanks for the tip and reply.
I am capturing on the ethernet interface.