[Tcpreplay-users] (no subject)

Thu, 10 Nov 2011 10:41:42 -0800 

I have a question regarding how to split a pcap based on direction in order to 
replay only one of the directions.
I am running tcpreplay  version: 3.4.3 (build 2375).   Not sure how to find out 
tcpdump version.
My workload is a client-server workload in which one windows client is sending 
UDP bootpc protocols to the server who is replying whatever.  I captured the 
traffic on the server by specifying the eth0 interface so it has all the 
traffic as seen at that interface.
Now I want to tcpreplay all the client-> server requests to the same server,   
without the (real) clients.    I can run the tcpreplay on the server itself or 
somewhere else.    I thought I would run it on a different machine,    call it 
pseudo-client,    on which I would set up a virtual bridge interface e.g. 
virbr0,  giving that interface the exact same MAC addr and IP addr as the 
(real) windows client,  and sending the client traffic outbound via virbr0.
I see the description of tcpprep to create a cache file representing the split, 
  so I did that,  specifying        --mac=<client_mac>   --reverse 
--pcap=tcpdumpfile --cachefile=client1.cachewhich seemed to workand then tried 
this tcpreplay              tcpreplay --intf2=virbr0 --cachefile=client1.cache  
 ###    since I want only client traffic,  which is --intf2
but it didn't like it  :    ERROR:  The intf1 option is required
So I set up another virbr1 to take the server traffic with an iptable rule to 
drop all traffic from virbr1,  and then it seems to work,   but no traffic 
reaches the server,  although tcpreplay reports it has sent the traffic out.
Am I doing this the right way?         Or is this something tcpreplay is not 
really intended for?
Cheers,   John Lumby                                      
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Reply via email to