I'm having an odd problem when using BPF programs (like tcpdump and nmap) over the Parallels host-only and shared-networking virtual interfaces. It appears as though only broadcast & multicast traffic is captured by BPF, regardless of what filters I apply. I'm running Parallels Desktop build 5582 and OS X Leopard 10.5.1. For example, if I run "sudo tcpdump -nei en2" (where en2 is my host-only virtual adapter) while running "ping -c 4 10.37.129.3" (where 10.37.129.3 is the IP address of my guest OS), I get these results... In one window: $ sudo tcpdump -nei en2 Password: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en2, link-type EN10MB (Ethernet), capture size 96 bytes 15:26:34.503298 00:1c:42:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.37.129.3 tell 10.37.129.2 ^C 1 packets captured 1 packets received by filter 0 packets dropped by kernel At the same time, in another window: $ ping -c 4 10.37.129.3 PING 10.37.129.3 (10.37.129.3): 56 data bytes 64 bytes from 10.37.129.3: icmp_seq=0 ttl=128 time=0.317 ms 64 bytes from 10.37.129.3: icmp_seq=1 ttl=128 time=0.819 ms 64 bytes from 10.37.129.3: icmp_seq=2 ttl=128 time=0.297 ms 64 bytes from 10.37.129.3: icmp_seq=3 ttl=128 time=0.284 ms --- 10.37.129.3 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.284/0.429/0.819/0.225 ms I cannot run advanced nmap scans against guest PC's, since nmap never sees the unicast responses through the BPF device. I also cannot run tcpdump, or similar programs, to analyze traffic originating from guest PC's. Any suggestions? Thanks. - Mike
