Hi There,
I am trying to replay the following pcap file
<https://www.dropbox.com/s/ic6geyhf91zs0sn/mytestpcap.pcap?dl=0> in a
private subnet of mine for testing purposes. The pcap was captured on a
guest (call it Win7-a) in my VMware cluster and replayed from another guest
in the same cluster. All of my guest virtual machines in the cluster are
Windows 7 clones set up with one NIC (eth0). To replay the pcap I run
"tcpreplay -i eth0 -K --loop=1 mytestpcap.pcap". The pcap pretty much
contains a GET to download an eicar virus file. I am trying to see that
our security virtual appliance catches the virus but this does not
seem to happen when I replay. It is my understanding that I don't have to
run tcpreplay from the source machine itself (i.e. Win7-a). I've run
tcpreplay and re-captured the traffic and all looks good there but again
the traffic should flow from Win7-a through my security virtual appliance
and to the eicar server. However the fact that the virus is not being
detected tells me there is something that I am not understanding. When I
execute this test by hand (i.e. accessing the eicar.com.txt virus) from
Win7-a, the security virtual appliance does catch/block the threat. I
should note that I did not do any tcpprep or tcprewrite work on this pcap.
Any help on this matter would be greatly appreciated as I would love to use
this tool to drive many pcaps through my cluster for the sake of
persistence testing.
Thanks much.
randy
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support