This thread on the Wireshark mailing list brought up the issue of not being able to use Tcpreplay with the loopback interface on FreeBSD, e.g.:
orr:/root# tcpreplay -i lo0 /data/lpc/1.lpc
sending out lo0
processing file: /data/lpc/1.lpc
Unable to send packet: Address family not supported by protocol family
Here is an alternative: use tap0.
orr:/root# ifconfig tap0
ifconfig: interface tap0 does not exist
orr:/root# dd if=/dev/tap0 of=/dev/null bs=1500 &
[1] 9468
orr:/root# ifconfig tap0 up
orr:/root# ifconfig tap0
tap0: flags=8843mtu 1500
inet6 fe80::2bd:1dff:fe2d:4d00%tap0 prefixlen 64 scopeid 0x5
ether 00:bd:1d:2d:4d:00
Opened by PID 9468
orr:/root# tcpreplay -i tap0 /data/lpc/1.lpc
sending out tap0
processing file: /data/lpc/1.lpc
^C
Actual: 71 packets (6860 bytes) sent in 6.15 seconds
Rated: 1115.0 bps, 0.01 Mbps/sec, 11.54 pps
In a second window, sniff with Tcpdump or whatever program you want:
orr:/root# tcpdump -n -i tap0 -s 1515
tcpdump: WARNING: tap0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 1515 bytes
10:25:16.211443 00:0d:28:6c:f5:4f > 01:00:0c:cc:cc:cd sap aa ui/C
10:25:17.567563 IP 192.168.2.5.2882 > 10.20.2.19.22: P 1293772727:1293772779(52) ack 478395919 win 64444
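The tap0 procedure above, wrapped in a small sh function as an added example (not code from the original post). The names replay_via_tap, run and DRY_RUN are hypothetical; the script assumes, as in the session above, that opening /dev/tap0 creates the interface, and it refuses non-tap interfaces such as lo0, where the replay fails.

```sh
#!/bin/sh
# Added example (not from the original post): replay a capture onto a FreeBSD tap interface.
# DRY_RUN=1 (hypothetical switch) prints the commands instead of running them.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# replay_via_tap PCAP [TAP]: returns 2 on bad usage, 1 if PCAP is unreadable.
replay_via_tap() {
    pcap=${1:-}
    tap=${2:-tap0}
    [ -n "$pcap" ] || { echo "usage: replay_via_tap PCAP [TAP]" >&2; return 2; }
    case $tap in
        tap[0-9]*) ;;
        *) echo "not a tap interface: $tap" >&2; return 2 ;;
    esac
    [ -r "$pcap" ] || { echo "cannot read $pcap" >&2; return 1; }

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "dd if=/dev/$tap of=/dev/null bs=1500 &"
    else
        # As in the session above, opening /dev/tapN brings the interface into
        # existence; the background reader discards the frames tcpreplay sends.
        dd if="/dev/$tap" of=/dev/null bs=1500 2>/dev/null &
        reader=$!
        trap 'kill "$reader" 2>/dev/null' EXIT INT TERM
        sleep 1   # give the interface a moment to appear
    fi
    run ifconfig "$tap" up || return 1
    rc=0; run tcpreplay -i "$tap" "$pcap" || rc=$?
    if [ "${DRY_RUN:-0}" != 1 ]; then
        kill "$reader" 2>/dev/null   # stop the reader once the replay ends
        trap - EXIT INT TERM
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    replay_via_tap "$@"
fi
```

Run it as root with the capture path as the first argument, and sniff tap0 from a second window as shown above.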
I discussed this in my first book and in my network security monitoring class.