Re: Sending captured packets to a virtual nic

["Quan Doan" <quan () infinity-security com>]

Hi Aaron,
Thank you. But the thing is I would like to monitor those traffic from our
LAN, and I only could capture those packets on my box, then I will transfer
all packets from my box to my monitoring server.
With Ethereal I can not monitor all packets in real-time. So, shortly, I
have captured packets, they come in real-time, but I don't know how to
"replay" those packets to Ethereal. Does the tcpreplay help in this thing?

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Aaron Turner
Sent: Monday, April 23, 2007 2:09 AM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Sending captured packets to a virtual nic

On 4/22/07, Quan Doan <quan () ies hu> wrote:
> Hi all,
> I have a problem. I had captured a lot packets from my box, which is a
gateway
> of a LAN. Those packets are sent back to me. Now I have those packets, I
would
> like to use the Ethereal for analyzing them. So, my idea is sending those
> packets to a virtual NIC and the Ethereal will get those packets on the
virtual
> NIC as well. I would like to do that as real-time capturing.
> Does anyone have idea and how to do that?
> Thank you.

If you have a capture of those packets, why not just load the file
directly up in Ethereal/Wireshark?  However, if you really want to
"replay" those packets, look at tcpreplay.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Attachment: smime.p7s
Description: