Date: Sat, 3 Jan 2004 13:29:14 -0800 (PST) From: Richard Bejtlich <richard_bejtlich@yahoo.com> To: freebsd-net@freebsd.org Subject: Tcpreplay on single system? Message-ID: <20040103212914.13796.qmail@web60804.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hello, I've been trying to find the best way to replay traffic with tcpreplay and have various tools on the same system listen for that traffic. In other words, I'd like a single box traffic replay and analysis system. This is the way I have tools that can't read libpcap files process libpcap data. Note I'm trying to do this with a virtual interface, not a physical interface. Tcpreplay relies on libnet, which according to the tcpreplay FAQ *does* allow sending traffic using lo0 in the very latest release (libnet 1.1.1). I haven't tried that yet. I've gotten the following to work and I was hoping for comments. I use a tap0 interface, thanks to this thread: http://unix.derkeiler.com/Mailing-Lists/FreeBSD/net/2003-09/0176.html I use a FreeBSD 4.9 STABLE system. Can anyone comment on why I have to do an 'ifconfig tap0' before the second line works? /dev/tap0 exists already. janney# uname -a FreeBSD janney.taosecurity.com 4.9-STABLE FreeBSD 4.9-STABLE #0: Tue Dec 23 10:28:02 EST 2003 root@janney.taosecurity.com:/usr/obj/usr/src/sys/janney i386 janney# ls -al /dev/tap* crw------- 1 root network 149, 0 Jan 3 16:09 /dev/tap0 crw------- 1 root network 149, 1 Jan 3 16:05 /dev/tap1 crw------- 1 root network 149, 2 Dec 23 08:41 /dev/tap2 crw------- 1 root network 149, 3 Dec 23 08:41 /dev/tap3 janney# dd if=/dev/tap0 of=/dev/null bs=1500 & [1] 213 janney# dd: /dev/tap0: Device not configured [1] Exit 1 dd if=/dev/tap0 of=/dev/null bs=1500 janney# ifconfig tap0 ifconfig: interface tap0 does not exist janney# dd if=/dev/tap0 of=/dev/null bs=1500 & [1] 215 janney# ifconfig tap0 tap0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 ether 00:bd:cd:09:01:00 Opened by PID 215 >From here I can use tcpreplay to send traffic to tap0 and also listen on tap0. I've tried creating ngeth0 but tcpreplay can't seem to find it. Is there a better way to do this? Thank you, Richard http://www.taosecurity.com __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040103212914.13796.qmail>