On Sun, Dec 20, 2009 at 4:38 PM, AD RJ <[email protected]> wrote: > I am trying to use tcpreplay in a reproduceable way to try out a new piece > of hardware+software that is supposed to listen on our network for "flagged" > items being transmitted on the network. My bad "stuff" that is supposed to > produce violations in the software are in my pcap, originally recorded on > another network. When I play the pcap, I get nothing from my snazzy > sniffer, i.e. I get no flagged things. > So to verify that I had configured the sniffer software/hardware correctly, > I manually sent a violation through (via normal SMTP email) and the sniffer > software worked, it flagged the stuff. I then recorded a pcap (wireshark) > on my network (via same normal SMTP email) with the violation. And then > replayed the pcap. And then it didn't catch my violation again. > From all indications in wireshark, the packets are all there and being > replayed properly, but I can't just can't reproduce the sniffer violating > items when using tcpreplay. > Can someone with more networking expertise tell me why this may be? I know > the pcap is hitting the destination NIC b/c I can watch the Rx bytes > increase on the sniffing NIC. Is there something I can do to my pcap to > make this work?
Hard to give you a good answer without more information, but your best bet is to make sure your tcpreplay box and sniffer box are directly connected to each other (no switch or hub between). If that still doesn't work, try running tcpdump/Wireshark on a different box and connecting that to your tcpreplay box to make sure tcpreplay is sending the packets out the interface you think it is. -Aaron -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
