The FAQ contains the following question and subsequent answer which I have
found confusing.
>
> Can I send packets on the same computer running
> tcpreplay?<http://tcpreplay.synfin.net/wiki/FAQ#CanIsendpacketsonthesamecomputerrunningtcpreplay>
>
> Generally speaking no. When tcpreplay sends packets, it injects them
> between the TCP/IP stack of the system and the device driver of the network
> card. The result is the TCP/IP stack system running tcpreplay never sees
> the packets.
>
> One suggestion that has been made is using something like
> VMWare<http://www.vmware.com/>
> , Parallels <http://www.parallels.com/> or Xen<http://www.xensource.com/>.
> Running tcpreplay in the virtual machine (guest) would allow packets to be
> seen by the host operating system.
>
So let's say I'm testing a firewall and I have one NIC connected to the
outside of the firewall and one NIC connected to the inside. If the
firewall blocks all the traffic that was previously allowed (as when the
.pcap file was created) then I will need to examine the firewall traffic
logs to verify this. Tcpreplay will indicate all packets successful because
all it does is put them on the wire, and has no knowledge as to whether the
socket was actually working. Do I have that right? Feel free to be verbose,
I'm trying to learn all I can.
The reason I ask is because I have done this very thing and have been
confused when tcpreplay says all packets on both NICs are successful, when
in fact there is no way they actually made it through the firewall.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
