On Wed, Jun 29, 2011 at 10:04 AM, Andrey <and...@cs.dal.ca> wrote: > Well I was checking if the packets arrived using wireshark. I have > been told that they are basically the same. > When I use tcpdump with -p option I get few packets which are lab > traffic and the replayed traffic is not seen. > When I stop tcpdumb it says something like: > 19 packets captured > 12428 packets received by filter > 12379 packets dropped by kernel > > Now, do I need to change the destination address or not?
Yes. iptables doesn't run in promiscuous mode so it's only seeing the traffic you're seeing with tcpdump -p. > I have tried changing it before using tcprewrite, but all without success. You'll have to provide more details. I highly recommend reading: http://tcpreplay.synfin.net/wiki/tcprewrite > The destination host does not have ipv4 address at the moment just a > MAC address, because we are doing traffic mirroring to get the data > from the sender to destination host. > Would that be a problem or it does not affect anything? Well you'll definitely need to fix the destination MAC address. Without that, your NIC is dropping the packets and not even passing them to the kernel. As for the IP address, well that depends on what you're trying to do, but I'd try fixing the destination MAC address first. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
