The attachment is my pcap file. I use "tcpprep --cidr 172.20.0.0/16 --pcap=sample.pcap --cachefile=sample.cache" to separate the server and client traffic, then replay it with "tcpreplay -i eth1 -I eth2 -c sample.cache sample.pcap". Then I capture the traffic of eth1 with wireshark, but find both server and client traffic. Should not it be only server traffic?
sample.pcap
Description: Binary data
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev
_______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
