On a MacOSX, using the latest (0.99.3a) version of wireshark, I am attempting to run in one terminal a:
$sudo tcpreplay -i lo0 capture-file.cap (or even -R to speed up the process) while in a wireshark *session* reading out of the same lo0 (local interface on a MacOSX), but I am getting for all traffic IP header length = 0 (should be at least 20), thus nothing interpreted. The capture-file.cap was previously obtained via a wireshark capture session of a real TCP session, produced with *against* a real network interface (en0 in the case of this specific MacOSX system I am working with). If I open the capture file - itself - in wireshark, everything looks fine. Is there any logic fault here (wrong assumption of mine that I could write to the local interface, using tcpreplay, while capturing from the same, while using wireshark), or am I missing something else here? Please do not ask me why I would not simply read the file in wireshark - I am shooting for something different here, and this is just one (first) step. Thanks, Stefan _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users