When I use Wireshark to examine the ARP packets, I get requests like this:
It is sent from 192.168.0.1
, which is not one of my computer’s interfaces, to 192.168.0.105
, which is my computer’s wireless adapter.
As far as I understand, Wireshark can only capture packets sent to and recieved by my computer’s interfaces, that my OS drivers manage. Am I wrong?
In case someone is not familiar, ARP unicast requests are used for purpose described in RFC 1122:
2.3.2 Address Resolution Protocol -- ARP 2.3.2.1 ARP Cache Validation An implementation of the Address Resolution Protocol (ARP) MUST provide a mechanism to flush out-of-date cache entries. If this mechanism involves a timeout, it SHOULD be ... IMPLEMENTATION: Four mechanisms have been used, sometimes in combination, to flush out-of-date cache entries. ... (2) Unicast Poll -- Actively poll the remote host by periodically sending a point-to-point ARP Request to it, and delete the entry if no ARP Reply is received from N successive polls. Again, the timeout should be on the order of a minute, and typically N is 2.