On Wednesday 20 September 2006 21:53, Guy Harris wrote: > Netfortius wrote: > > On a MacOSX, using the latest (0.99.3a) version of wireshark, I am > > attempting to run in one terminal a: > > > > $sudo tcpreplay -i lo0 capture-file.cap (or even -R to speed up the > > process) > > > > while in a wireshark *session* reading out of the same lo0 (local > > interface on a MacOSX), but I am getting for all traffic IP header length > > = 0 (should be at least 20), thus nothing interpreted. > > > > The capture-file.cap was previously obtained via a wireshark capture > > session of a real TCP session, produced with *against* a real network > > interface (en0 in the case of this specific MacOSX system I am working > > with). > > Does tcpreplay support reading from a capture file on an Ethernet > interface (with a link-layer type of DLT_EN10MB) and sending it on a BSD > loopback interface (with a link-layer type of DLT_NULL)? > > If not, that's the problem.
You're probably right - I do remember having been able to do something similar on Linux (not with wireshark - but originating in tcpreplay - which defintely points the problem to this one), so it is probably a kernel modification and/or libnet problem with the BSD *under* MacOSX' hood ... :( Thanks a bunch, Stefan _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users