TLDR: Why would a layer 2 packet injection of a PING request not work on a computer, when the packet is an identically structured packet from a successful packet injection PING request from the "pinging" computer? (essentially why would a spoofed ping request fail?)
Test Setup/ Issue:
I have two computers, A (192.168.0.36) & B (192.168.0.36), connected directly via Ethernet.
I manually create and inject a PING request on A to ping B (i.e. as if running "ping 192.168.0.37" from a terminal on A). This works, and I can see B receive and respond to the ping request using Wireshark on computer B.
Then, I manually create and inject an identical PING request (from the test above) on B to ping B (i.e. as if running "ping 192.168.037" on A, except injected directly into B's Ethernet interface from software run locally on B). The injection works and Wireshark shows a packet identical to the original test from A to B, expect it is met with no response.
My question is, why?
I'm assuming I'm lacking something fundamental about network interface security or OS security settings or something.
I'm running Ubuntu 16.04. I'm injecting packets with manually created Layer 2 headers. I am setting cap_net_raw,cap_net_admin+eip on my executable. Following code/guidance from this site: http://www.pdbuchan.com/rawsock/rawsock.html
In Wireshark main image, first to ping entries show a successful transaction from my own injected packets onto computer A. The last entry is the spoofed packet injected by me directly on to computer B. Packets are identical. Second Wireshark shows the packets side by side. Wireshark Main View Packets Side by Side
