From: Richard Bejtlich
To: freebsd-net@freebsd.org
Date: Sat, 3 Jan 2004 13:29:14 -0800 (PST)
Subject: Tcpreplay on single system?

Hello,

I've been trying to find the best way to replay traffic with tcpreplay and have various tools on the same system listen for that traffic. In other words, I'd like a single box traffic replay and analysis system. This is the way I have tools that can't read libpcap files process libpcap data.

Note I'm trying to do this with a virtual interface, not a physical interface. Tcpreplay relies on libnet, which according to the tcpreplay FAQ *does* allow sending traffic using lo0 in the very latest release (libnet 1.1.1). I haven't tried that yet.

I've gotten the following to work and I was hoping for comments. I use a tap0 interface, thanks to this thread:

http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2003-09/0176.html

I use a FreeBSD 4.9 STABLE system. Can anyone comment on why I have to do an 'ifconfig tap0' before the second line works? /dev/tap0 exists already.
janney# uname -a
FreeBSD janney.taosecurity.com 4.9-STABLE FreeBSD 4.9-STABLE #0: Tue Dec 23 10:28:02 EST 2003 root@janney.taosecurity.com:/usr/obj/usr/src/sys/janney i386
janney# ls -al /dev/tap*
crw------- 1 root network 149, 0 Jan 3 16:09 /dev/tap0
crw------- 1 root network 149, 1 Jan 3 16:05 /dev/tap1
crw------- 1 root network 149, 2 Dec 23 08:41 /dev/tap2
crw------- 1 root network 149, 3 Dec 23 08:41 /dev/tap3
janney# dd if=/dev/tap0 of=/dev/null bs=1500 &
[1] 213
janney# dd: /dev/tap0: Device not configured
[1] Exit 1 dd if=/dev/tap0 of=/dev/null bs=1500
janney# ifconfig tap0
ifconfig: interface tap0 does not exist
janney# dd if=/dev/tap0 of=/dev/null bs=1500 &
[1] 215
janney# ifconfig tap0
tap0: flags=8802 mtu 1500
ether 00:bd:cd:09:01:00
Opened by PID 215

From here I can use tcpreplay to send traffic to tap0 and also listen on tap0. I've tried creating ngeth0 but tcpreplay can't seem to find it.

Is there a better way to do this?

Thank you,

Richard
http://www.taosecurity.com