A set of daemon applications communicating over UDP broadcasts on the same machine give me trouble capturing their traffic. The network interface is eth0, it's configured to a static IP and there's no cable plugged in, so the link is down:
# ip addr show eth0
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:60:e0:59:7a:80 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
inet6 fe80::260:e0ff:fe59:7a80/64 scope link
valid_lft forever preferred_lft forever
The applications send UDP broadcast messages to 192.168.0.255, I can not change this. Those message reach the other daemon respectivly, which I can verify by reading their debug logs. This is independent from link status.
However I'm not able to sniff those packages with tcpdump as long as the interface link is down. If I plug in a cable I see the packages coming through. How can I capture those packages to a pcap file without plugging in a cable (which will not be possible in the planned experimental setup).
on the same machineWhy are you using eth0 in the first place? This is what lo0 / loopback is for. – Jun 22 '15 at 16:40