what are the tcpreplay / wireshark commands you are running? -- Aaron Turner https://synfin.net/ Twitter: @synfinatic Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
On Sat, Aug 13, 2016 at 6:24 PM, Big Strong <fangtu...@gmail.com> wrote: > I got the same result with the command 'tcpprep -I sample.cache'. The client > to server traffic (primary) is sent by eth1, and the server to traffic is > sent by eth2. So by dump traffic on eth1/eth2, I should only get > primary/secondary traffic, right? However, all the packets of the > sample.pcap are observed by wireshark during my test. > > 2016-08-14 4:13 GMT+08:00 Aaron Turner <synfina...@gmail.com>: >> >> The result is: >> >> $ tcpprep -I sample.cache >> >> Packet 1 -> Primary >> Packet 2 -> Primary >> Packet 3 -> Primary >> Packet 4 -> Primary >> Packet 5 -> Primary >> Packet 6 -> Primary >> Packet 7 -> Primary >> Packet 8 -> Primary >> Packet 9 -> Secondary >> Packet 10 -> Secondary >> Packet 11 -> Secondary >> Packet 12 -> Secondary >> Packet 13 -> Secondary >> Packet 14 -> Secondary >> Packet 15 -> Secondary >> Packet 16 -> Secondary >> Packet 17 -> Primary >> Packet 18 -> Primary >> Packet 19 -> Primary >> Packet 20 -> Primary >> Packet 21 -> Secondary >> Packet 22 -> Secondary >> Packet 23 -> Primary >> Packet 24 -> Primary >> Packet 25 -> Secondary >> Packet 26 -> Secondary >> Packet 27 -> Primary >> Packet 28 -> Primary >> Packet 29 -> Primary >> Packet 30 -> Primary >> >> Which after a quick glance at your sample.pcap file looks about right >> to me. What were you expecting? How do you define 'client' and >> 'server'? >> >> -- >> Aaron Turner >> https://synfin.net/ Twitter: @synfinatic >> Those who would give up essential Liberty, to purchase a little temporary >> Safety, deserve neither Liberty nor Safety. >> -- Benjamin Franklin >> >> >> On Sat, Aug 13, 2016 at 8:20 AM, Big Strong <fangtu...@gmail.com> wrote: >> > The attachment is my pcap file. >> > I use "tcpprep --cidr 172.20.0.0/16 --pcap=sample.pcap >> > --cachefile=sample.cache" to separate the server and client traffic, >> > then >> > replay it with "tcpreplay -i eth1 -I eth2 -c sample.cache sample.pcap". >> > Then >> > I capture the traffic of eth1 with wireshark, but find both server and >> > client traffic. Should not it be only server traffic? >> > >> > >> > ------------------------------------------------------------------------------ >> > What NetFlow Analyzer can do for you? Monitors network bandwidth and >> > traffic >> > patterns at an interface-level. Reveals which users, apps, and protocols >> > are >> > consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> > J-Flow, sFlow and other flows. Make informed decisions using capacity >> > planning reports. http://sdm.link/zohodev2dev >> > _______________________________________________ >> > Tcpreplay-users mailing list >> > Tcpreplay-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support >> >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and protocols >> are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
