[I had to repost this from the ask.wireshark.org as my questions do not come up there, still not sure why].
Hi All,
I'll try my luck here.
I'm trying to solve a similar problem to the one described in "how to work around unicast messages" question, albeit in my case I'm not seeing an ARP reply (unicast) in Wireshark. I need to say that I have read everything that was suggested in that thread (wireshark help and a set of other documents on Ethernet Capturing/Hubs vs Switches vs Taps, etc.) and still puzzled, so basically would love to hear any ideas thrown at me by experts.
So: it is Ethernet; 3 devices: 1. a custom device (running embedded linux) 2. a PC (WinXP) where wireshark is running (promiscuous mode, capture all) 3. a PC where a server application is running to which the custom device communicates. all 3 connected to [what is believed to be] a simple hub "CentreCom MR415T repeater" 10BASE-T only (not dual speed). I'm seeing all the traffic I expect to see in Wireshark but NO ARP replies (unless they are sent to the Wireshark PC). For the problem I'm trying to nail it is crucial to tell whether there are NO replies to ARP requests sent by custom device (1) or it (the device) is unable to correctly handle these replies (which is quite possible).
All other symptoms point to the latter but I need to actually SEE and be able to SHOW this as a proof.
Thanks in advance to anyone who replies, Alexei
UPD. 2016/06/09: In advanced settings of Panda Firewall found a tick box "SmartARP" - unticked and this solved the issue.
The ultimate reason of not seeing ARP replies in Wireshark turned out to be: Panda End Point Protection Plus Firewall. Not the most flexible piece of software as far as I can see, creating a User rule for Wireshark to allow both incoming/outcoming does not help in the slightest, but disabling the firewall - does.