Hello there,
the output of the command
sudo tcprewrite --enet-dmac=00:19:D1:07:0F:73
--enet-smac=00-24-8C-0B-CA-A2 --infile=dhcp.pcap --outfile=output.pcap
and
sudo tcpreplay --intf1=eth0
"output.pcap"
Output
----------
sending out eth0
processing file: output.pcap
Actual: 4 packets (1312 bytes) sent in 0.07 seconds
Rated: 18742.9 bps, 0.14 Mbps, 57.14 pps
Statistics for network device: eth0
Attempted packets: 4
Successful
packets: 4
Failed
packets: 0
Retried packets
(ENOBUFS): 0
Retried packets
(EAGAIN): 0
And on the destination PC with mac00:19:D1:07:0F:73, i was not able to see the
4 packets of DHCP through wireshark
________________________________
From: Aaron Turner <synfina...@gmail.com>
To: Main forum for tcpreplay <tcpreplay-users@lists.sourceforge.net>
Sent: Thursday, December 15, 2011 9:39 PM
Subject: Re: [Tcpreplay-users] sending pcap files from one computer to another
using tcpreplay
On Thu, Dec 15, 2011 at 11:08 AM, Prosiac Akin <cramped_ga...@yahoo.com> wrote:
> i followed your instructions with the commands mentioned below
> tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
> --infile=input.pcap --outfile=output.pcap
>
> tcpreplay --intf1=eth0 "output.pcap"
>
> no error was seeen with this command, however, i cannot see the packets
> through wireshark.
What is the report at the end of the tcpreplay command? How many
packets were sent?
> Is it because i am doing this all in Vmware platform??? ( I am using the
> virtual mac address for smac taken from ubuntu installed in vmware). If yes,
> what could be its possible solution???
Honestly, I don't use VMWware so I don't know, but it's quite possible.
> (I was wondering about its usage. can you please clarify me what this
> command is actually doing. Why do we need that --outfile??? Even if we give
> the same pcap name as input.pcap, the command works fine. So i am really
> confused)
--outfile is for specifying the new, modified pcap file name. If you
don't specify --outfile and tcprewrite doesn't complain that it's a
required option, then that's a bug and you likely have an old version
of tcprewrite (I don't believe the current version has this bug). You
really shouldn't use the same value as infile as bad things will
likely happen (you'll probably truncate the pcap so it has no packets)
which may explain why wireshark didn't see any.
--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
"carpe diem quam minimum credula postero"
------------------------------------------------------------------------------
10 Tips for Better Server Consolidation
Server virtualization is being driven by many needs.
But none more important than the need to reduce IT complexity
while improving strategic productivity. Learn More!
http://www.accelacomm.com/jaw/sdnl/114/51507609/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
10 Tips for Better Server Consolidation
Server virtualization is being driven by many needs.
But none more important than the need to reduce IT complexity
while improving strategic productivity. Learn More!
http://www.accelacomm.com/jaw/sdnl/114/51507609/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
