On Mon, Oct 3, 2011 at 10:26 AM, Posey Mak <poseyb...@ymail.com> wrote: > what's the reason behind it...is it where tcpreplay injects the > packet...bypassing the kernel's ability to push the packet up to the > application? i coded up a simple client to multicast data to the loopback > via socket call...i see that the src and dest mac addresses are both zeroed > out when captured with tcpdump. i used tcpreplay-edit to zero out both the > src and dest mac addresses...and recalc checksum...it still does not work. > thoughts? thanks.
Basically, tcpreplay injects the packets between the network card driver and the IP stack and thereby bypasses the IP stack completely. tcpdump/wireshark are sniffing at the same level which is why you can see the packets being sent. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
