yes, tcpreplay is sending the traffic out eth0. tcpdump is looking at traffic going in OR out eth0 although I suppose it could be OS dependent whether or not you'd see traffic being sent by tcpreplay since it's bypassing the TCP/IP stack of the kernel.
My past experience with Linux, is that it does see traffic being sent by tcpreplay but it's possible that behavior has changed. Your best bet is to connect your Linux box to another computer directly (no switch inbetween) and sniff on the 2nd box. That would be the most accurate way to check. If you want to know when tcpreplay sends a packet, you can use the -v flag and it will print the packet as it's sent. -Aaron On Jan 30, 2008 11:05 AM, Craig Carl <[EMAIL PROTECTED]> wrote: > So in theory if this is working - > > sudo dumpcap -i ath2 -w - | airdecap-ng - | sudo tcpreplay --intf1=eth0 > /dev/stdin > > and receiving a constant flow of traffic and then at the same time in a > different window I run > > sudo tcpdump -i eth0 > > I should see the traffic coming off of ath2? If I've got that much right > conceptually I can start troubleshooting the details. I guess I am a little > confused by the idea of "in" and "out" on an interface. Is tcpreplay sending > the traffic "out" and tcpdump is looking for traffic coming "in"? > > Thanks, > > Craig ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
