>> I'm a new user of tcpreplay tools, under Debian Etch (version 3.0) on >> intel platform. After a few days trying to use tcpreplay tools, I still >> have a problem. > > What version of tcpreplay?
In Debian Etch, the tcpreplay version is 3.0. Sorry it was not really clear on my fist email. http://packages.debian.org/etch/tcpreplay > >> I have two seperated networks, and I need to capture traffic on the >> first network and replay it in real time on the second network. Between >> these two networks, I have a Debian server with 2 network cards. >> >> I tried to use tcpdump, tcprewrite and tcpreplay with input/ouput >> redirection : >> >> # tcpdump -i eth0 -s0 -w - -U | tcprewrite --portmap=80:8080 --infile=- >> --outfile=- | tcpreplay --intf1=eth1 - >> >> The idea is to dump traffic on the first interface, modify port 80 to >> 8080, and replay it to the second interface. But it doesn't work. When >> I use input/output files, it works fine, but not with pipe. Tcprewrite >> can not use tcpdump output in real time. > > sounds like a job for tcpbridge. But I'm curious by what you mean "it > doesn't work"? Could you provide more details? Seems to work for > me... well sorta. You always seem to loose the last few packets, but > it's prolly due to packets getting lost mid-process when I CTRL-C to > kill it. Could be a cross-platform issue (I tested under OS X), but > that seems unlikely. By "it doesn't work", I mean the traffic on first interface is not replay on the second interface. To try to find the issue, I simplified my command : With # tcpdump -i eth0 -s0 -w - -U | tcpreplay --intf1=eth1 - I can see the traffic from eth0 on eth1, so it works fine. When I add tcprewrite command between tcpdump and tcpreplay, it doesn't work. As I wrote in my first email, I also tried with files, like : # tcpdump -i eth0 -s0 -w /tmp/dump -U # tcprewrite --portmap=80:8080 --infile=/tmp/dump.cap --outfile=/tmp/dump.rewrite # tcpreplay --intf1=eth1 /tmp/dump.rewrite And it works fine too. So I can't understand why tcprewrite doesn't work in real time. >> I also tried to use tcpbridge, but I'm not sureif I can use it on >> promiscuous interface. > > tcpbridge puts the interfaces in promisc mode. Ok thanks, I will try tcpbridge this weekend. But in my case, with tcpdump/tcprewrite/tcpreplay commands, I can capture a part of full traffic with tcpdump expression. Thank you for your quick answer and your help ! Yann ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
