Snort mailing list archives

Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic


From: Jordi Espasa Clofent <jordi.espasa () opengea org>
Date: Thu, 06 Dec 2007 19:17:01 +0100

> I just tried this and it worked.
>
> 1) log some ping packets:
>
> daemonlogger -i en0 -c 20 icmp
>
> 2) replay the packets
>
> daemonlogger -R daemonlogger.pcap.1196963946 -o en0
>
> 3) run tcpdump to capture and compare the output
>
> tcpdump -nvi en0 icmp

Yes Martin, you're absolutely right: it works fine. Maybe I was confusing 
some flags or working on too much traffic (your example, taking only a 
few ICMP packets, is so clear).

> What kind of interface is vr0 (what link type)?

[root@ares /]# ifconfig | grep media:
         media: Ethernet 100baseTX <full-duplex>

It's a vr(4) based NIC on a FreeBSD 7.0-beta3 system. I have to repeat 
that it's my personal computer at home.

Someone responded to my initial question privately and said:

"all tools (including tcpreplay and tomahawk) max speed is 200Mbps-300Mbps,
for more performance, add host ... "

Is that also the case for daemontools? Maybe I need more...

-- 
Thanks
Jordi Espasa Clofent
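
Added example (not part of the original message, and not daemonlogger's own code): step 3 above compares the replay by eye, and the Python below does the same check on files, comparing packet contents of the original capture with a re-capture while ignoring timestamps and order. It assumes the re-capture was saved with tcpdump -w in classic pcap format; make_pcap and its frames are constructed for illustration.

```python
import struct
from collections import Counter
from hashlib import sha256

# pcap magic as read little-endian -> byte order of the file
# (first pair: microsecond timestamps, second pair: nanosecond timestamps)
_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def read_pcap(data):
    """Return (linktype, [packet bytes]) from a classic pcap file image."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    bo = _MAGICS.get(struct.unpack("<I", data[:4])[0])
    if bo is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(bo + "I", data[20:24])[0]
    packets, off = [], 24
    while off + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack(bo + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # capture cut off mid-record; keep the complete packets
        packets.append(data[off:off + incl_len])
        off += incl_len
    return linktype, packets

def compare_captures(original, recaptured):
    """Count packets seen in both files, only in the original, only in the re-capture."""
    lt_a, pk_a = read_pcap(original)
    lt_b, pk_b = read_pcap(recaptured)
    if lt_a != lt_b:
        raise ValueError(f"link types differ: {lt_a} vs {lt_b}")
    a = Counter(sha256(p).digest() for p in pk_a)
    b = Counter(sha256(p).digest() for p in pk_b)
    return {"replayed": sum((a & b).values()),
            "missing": sum((a - b).values()),
            "extra": sum((b - a).values())}

def make_pcap(packets, bo="<", linktype=1):
    """Build a pcap image from raw frames (constructed sample input only)."""
    out = struct.pack(bo + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, p in enumerate(packets):
        out += struct.pack(bo + "IIII", i, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    frames = [b"constructed-frame-%d" % i for i in range(3)]
    print(compare_captures(make_pcap(frames), make_pcap(frames[:2])))
```

On a live interface the "extra" count also includes anything else that matched the capture filter during the replay, such as replies to the replayed pings.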
