From: Sargrad, D. <Dav...@sa...> - 2012-02-15 19:46:39
|
I captured a single packet pcap file as follows: tcpdump port 34102 -i eth5 -w hello1.pcap -s 0 I subsequently replay this as follows: sudo tcpreplay --intf1=eth5 hello1.pcap The packet shows up in tcpdump: 18:33:58.356808 00:15:17:9e:3f:f0 (oui Unknown) > 01:00:5e:7b:00:00 (oui Unknown), ethertype IPv4 (0x0800), length 110: (tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 96) elora.54106 > 224.123.0.0.34102: [udp sum ok] UDP, length 68 0x0000: 4500 0060 0000 4000 0a11 8d62 c0a8 4207 0x0010: e07b 0000 d35a 8536 004c 2e8a 0000 001d 0x0020: 0a19 08aa d5d6 aa05 1000 18ff ffff ff0f 0x0030: 2000 2800 30eb add3 91d8 2610 0000 0000 0x0040: 1f0a 1908 aad5 d6aa 0510 6618 ffff ffff 0x0050: 0f20 0028 0030 ebad d391 d826 1001 2001 But it does not make it into my application. This application has no trouble picking up the initial packet (the one that was captured into a pcap file). Indeed the application interface is quite well tested, and can receive packets through normal channels. It just does not seem to be able to pick up the tcpreplayed packet. I am new to tcpreplay, but its usage seems quite straightforward. Why does tcpdump see the replayed packet, but my application does not? Any help would be appreciated. Thank you. - This message is intended only for the addressee and may contain information that is company confidential or privileged. Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. - |