From: Graham Wheeler
Message-Id: <199803180900.LAA00222@cdsec.com>
Subject: Re: need a reference: data link layer packet transmission
To: robert+freebsd@cyrus.watson.org
Date: Wed, 18 Mar 1998 11:00:58 +0200 (SAT)
Cc: hackers@FreeBSD.ORG
In-Reply-To: from "Robert Watson" at Mar 18, 98 03:38:20 am

>
> For performance testing and bug catching, I would like to be able to
> "replay" tcpdump captured packet streams that were promiscuously sniffed
> off of a network. Using the existing tcpdump to do this is ideal, as it
> timestamps, etc. However, I need to be able to resend the packets over
> the network, and not all of the packets of interest are IP-packets. So I
> need to be able to manually ship these packets to the link layer for
> delivery (on a specific device). I know that bpf can be used for
> transmission as well as reception (bpfwrite), but have had a hard time
> finding sample source code that uses this transmission; bpf is primarily
> intended for listening and not delivery.

It's quite easy to do with BPF; you just need to write the packets out
with the Ethernet frame header at the start. In the Ethernet header, you
will need to put the MAC address of the next hop; you don't need to fill
in the source address, as this will be done for you. Bear in mind,
however, that any packets written out to a BPF device are `retapped',
and so you could see them as received packets if sniffing. But in your
case, where you seem to just want a replay, this shouldn't be a problem.

--
Dr Graham Wheeler                        E-mail: gram@cdsec.com
Citadel Data Security                    Phone:  +27(21)23-6065/6/7
Internet/Intranet Network Specialists    Mobile: +27(83)-253-9864
Firewalls/Virtual Private Networks       Fax:    +27(21)24-3656
Data Security Products                   WWW:    http://www.cdsec.com/
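The replay described in this message, as an added example that is not code from the thread or from FreeBSD: it walks a tcpdump savefile and writes each captured frame, Ethernet header first, to a BPF descriptor with one write(2) per frame. The names `rec_next`, `gap_usec` and `bpf_replay` are hypothetical, and the sketch assumes a classic microsecond savefile in host byte order and a system with a cloning `/dev/bpf` node and the `BIOCSHDRCMPLT` ioctl from bpf(4).

```c
#include <stdint.h>
#include <string.h>

struct rec { uint32_t sec, usec, caplen; const uint8_t *frame; };

/* Parse the record at off (24 = first, just past the global header). Returns
 * the next record's offset, or 0 at end of file, truncation or bad magic. */
size_t rec_next(const uint8_t *buf, size_t len, size_t off, struct rec *r) {
    uint32_t magic = 0xa1b2c3d4u, h[4]; /* h: ts_sec, ts_usec, incl_len, orig_len */
    if (len < 24 || memcmp(buf, &magic, 4) != 0) return 0;
    if (off < 24 || off > len || len - off < 16) return 0;
    memcpy(h, buf + off, 16);
    if (h[2] > len - off - 16) return 0;   /* claims more than the file holds */
    r->sec = h[0]; r->usec = h[1]; r->caplen = h[2];
    r->frame = buf + off + 16;             /* starts at the Ethernet header */
    return off + 16 + h[2];
}

/* Microseconds from record a to b, clamped at 0 for out-of-order stamps. */
int64_t gap_usec(const struct rec *a, const struct rec *b) {
    int64_t d = ((int64_t)b->sec - a->sec) * 1000000 + ((int64_t)b->usec - a->usec);
    return d > 0 ? d : 0;
}

#ifdef __FreeBSD__ /* bpf(4) half; assumes a cloning /dev/bpf node */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/bpf.h>
#include <fcntl.h>
#include <unistd.h>
/* Write every captured frame to ifname, keeping the recorded gaps. */
int bpf_replay(const char *ifname, const uint8_t *buf, size_t len) {
    struct ifreq ifr = {0};
    struct rec r, prev = {0};
    u_int keep_src = 1; /* BIOCSHDRCMPLT: send the captured source MAC as-is */
    int n = 0, fd = open("/dev/bpf", O_RDWR);
    if (fd < 0) return -1;
    strlcpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
    if (ioctl(fd, BIOCSETIF, &ifr) < 0 ||
        ioctl(fd, BIOCSHDRCMPLT, &keep_src) < 0) n = -1;
    for (size_t off = 24; n >= 0 && (off = rec_next(buf, len, off, &r)) != 0; prev = r, n++) {
        if (n > 0) usleep((useconds_t)gap_usec(&prev, &r));
        if (write(fd, r.frame, r.caplen) != (ssize_t)r.caplen) { n = -1; break; }
    }
    close(fd);
    return n;
}
#endif
```

Leaving `BIOCSHDRCMPLT` unset gives the behaviour the reply describes, with the interface's own source MAC written into each frame. A capture running on the same interface during the replay will record these frames again.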