Snort mailing list archives
Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic
From: Jordi Espasa Clofent <jordi.espasa () opengea org>
Date: Thu, 06 Dec 2007 19:17:01 +0100
I just tried this and it worked. 1) log some ping packets: daemonlogger -i en0 -c 20 icmp 2) replay the packets daemonlogger -R daemonlogger.pcap.1196963946 -o en0 3) run tcpdump to capture and compare the output tcpdump -nvi en0 icmp
Yes Martin, you've all the reason: it works fine. Maybe I was confusing some flags or working on too much traffic (your example, taking only a few ICMP packet is so clear).
What kind of interface is vr0 (what link type)?
[root@ares /]# ifconfig | grep media: media: Ethernet 100baseTX <full-duplex> It's a vr(4) based NIC on FreeBSD 7.0-beta3 system. I have to repeat it's my personal computer at home. A folk response my initial question in private way and he has said: "all tools (including tcpreplay and tomawhak) max speed is 200Mbps-300Mbps, for more performance, add host ... " ¿Is it also the case of daemontools? Maybe I need more... -- Thanks Jordi Espasa Clofent ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- <Possible follow-ups>
- Re: Semi-OT: Re-inject tcpdump captured traffic Nathaniel Richmond (Dec 06)
- Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- Re: Semi-OT: Re-inject tcpdump captured traffic JJ Cummings (Dec 06)
- Re: Semi-OT: Re-inject tcpdump captured traffic JJ Cummings (Dec 06)
- Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Martin Roesch (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Martin Roesch (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Jon Hart (Dec 06)
- Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)
- Re: Semi-OT: Re-inject tcpdump captured traffic Jordi Espasa Clofent (Dec 06)