On Wed, Jun 29, 2011 at 9:04 AM, Andrey <and...@cs.dal.ca> wrote:
> Hello,
>
> I am trying to make layer 7 userspace filter to see the traffic in a pcap
> file.
> To do so I need to create an iptables rule that will direct the
> traffic to QUEUE which layer 7 listens to.
> My problem is that iptables seem to be empty when I replay the traffic
> with tcpreplay.
> I am using 2 computers, one is sending the data and the other is
> receiving it using mirroring.
> The traffic can be seen on the receiving computer with tcpdump, but
> iptables is still empty.
> Could someone tell me how to fix this? I am not sure if the problem is
> with tcpreplay or iptables or something else.

Based on your description, I'd have to guess that the destination MAC/IP address of the packets being sent by tcpreplay is not that of the target host running iptables. You can use tcprewrite to edit the packets to fix that.

--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
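
One way to test the guess in the reply above before rewriting anything, as an added example that is not part of the original thread: list every destination MAC/IP pair in the capture that differs from the receiving host's own. The host addresses and the two-frame capture are constructed for illustration, and the parser assumes a classic microsecond pcap with untagged Ethernet/IPv4 frames.

```python
import struct

def dst_addresses(pcap: bytes):
    """Yield (dst_mac, dst_ip) for every untagged Ethernet/IPv4 frame in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, VLAN-tagged or non-IPv4 frame: skipped
        # dst MAC is bytes 0-5; IPv4 dst is bytes 16-19 of the IP header
        yield frame[0:6].hex(":"), ".".join(map(str, frame[30:34]))

def mismatches(pcap, host_mac, host_ip):
    """Sorted (dst_mac, dst_ip) pairs not addressed to host_mac/host_ip.
    Broadcast and multicast destinations are reported too."""
    want = (host_mac.lower(), host_ip)
    return sorted({d for d in dst_addresses(pcap) if d != want})

def sample_pcap():
    """Constructed two-frame capture; all addresses are illustrative."""
    def frame(dmac, dip):
        eth = bytes.fromhex(dmac.replace(":", "")) + bytes(6) + b"\x08\x00"
        ip = b"\x45\x00" + struct.pack(">H", 20) + bytes(12) + bytes(map(int, dip.split(".")))
        return eth + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame("02:00:00:00:00:01", "192.0.2.10"),
              frame("02:00:00:00:00:99", "198.51.100.7")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Assumed receiving host: 02:00:00:00:00:01 / 192.0.2.10 (constructed values)
    for mac, ip in mismatches(sample_pcap(), "02:00:00:00:00:01", "192.0.2.10"):
        print(f"not addressed to this host: {mac} {ip}")
```

Frames reported here are visible to tcpdump on a promiscuous interface but are not delivered to the host's IP stack as local traffic; tcprewrite's `--enet-dmac` and `--dstipmap` options rewrite those two fields.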