On Thu, Mar 31, 2011 at 2:43 AM, DjamOlsky <djamol...@gmail.com> wrote: > Aaron Turner ecrivait le 16/03/2011 22:43: > >> Honestly, I wish I could come up with a better naming convention then >> Server/Client or Primary/Secondary... if anyone has any ideas, please >> let me know! > > Thanks for your help, unfortunately, it doesn't solve my issue. > Mabe I am doing wrong... I have to validate an IPS solution following > this network schema: > > IPS > | | > router > / \ > --router---router-- > \ / > laptop (tcpreplay replaying a pcap file) > > The pcap file was recorded on a similar architecture, ip and mac > addresses, obviously are not the same. > I tried several tests, nothing go out from the first level routers. Any > idea? > Thanks again. Cheers.
Make sure you're specifying the MAC addresses of the two routers the laptop is directly attached to. Verify with wireshark or tcpdump that the destination MAC address of the packets leaving your two network cards matches the MAC address of the router on the same NIC. I've seen a lot of people use the MAC address of the device on the other side of the router and that will not work. If you're not sure what the MAC address is of your two routers, ping their IP from your laptop and then use the arp command (arp -an) to view your ARP table and you'll see what MAC address to use. The source MAC addresses should probably be that of your laptop NIC's or just faked (ie: use a MAC that isn't actually in use on your network). If you're still having problems then I highly recommend placing a hub or switch that supports sniffing (often called a SPAN port) to sniff on each link between the routers & IPS and verify the packets are showing up correctly. Your network topology has multiple paths, so it's possible you have a routing issue. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
