[Snort-users] [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic
roesch at ...1935...
Thu Dec 6 13:03:38 EST 2007
I just tried this and it worked.
1) log some ping packets:
daemonlogger -i en0 -c 20 icmp
2) replay the packets
daemonlogger -R daemonlogger.pcap.1196963946 -o en0
3) run tcpdump to capture and compare the output
tcpdump -nvi en0 icmp
What kind of interface is vr0 (what link type)?
On Dec 6, 2007, at 12:22 PM, Jordi Espasa Clofent wrote:
>> You might want to check out DaemonLogger, it's got a replay mode as
>> well as a real-time tap mode as well as being a packet logger itself.
>> Basically, DaemonLogger can capture traffic off of one interface
>> to the disk (logger mode), retransmit it out another interface in
>> real-time (tap mode) or replay a pcap file (replay mode).
>> You can get it at
> Very great tool Martin!
> I cannot understand exactly the way to do what I want. I've tried it on
> my own personal computer at home (with only 1 NIC, vr0).
> 1) Sniffing the traffic in very big chunks of time/data (1GB)
> $ daemonlogger -i vr0 -c 1000000000
> 2) Replay the traffic on the same NIC
> $ daemonlogger -R daemonlogger.pcap.1196961141 -o vr0
> To check the re-injection process I quit the ethernet wire and launch a
> tcpdump instance at the same time I launch the step number 2; I think
> tcpdump should show traffic, so it's completely localhost traffic.
> $ tcpdump -i vr0 -v
> ...but no traffic is shown.
> Does it mean that the re-injection process is incorrect?
> How to do it?
> Jordi Espasa Clofent
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
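
Added example (not part of the original message and not DaemonLogger code): step 3 in the reply compares the tcpdump output by eye; the Python below does that comparison on two classic pcap files and also reports each file's link type, which is what the vr0 question is about. It assumes the tcpdump side was saved to a file with -w; make_pcap and the sample frames are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

def read_pcap(data):
    """Parse classic pcap bytes; return (linktype, [frame bytes])."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    # After the magic: version major/minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    frames, off = [], 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        if off + incl_len > len(data):
            break  # truncated last record, e.g. capture stopped mid-write
        frames.append(data[off:off + incl_len])
        off += incl_len
    return linktype, frames

def compare_replay(original, recaptured):
    """Count frames of the original capture that reappear byte-for-byte."""
    lt_a, fr_a = read_pcap(original)
    lt_b, fr_b = read_pcap(recaptured)
    want = Counter(hashlib.sha256(f).digest() for f in fr_a)
    seen = Counter(hashlib.sha256(f).digest() for f in fr_b)
    matched = sum((want & seen).values())  # multiset intersection
    return {"linktypes": (lt_a, lt_b), "sent": len(fr_a), "matched": matched,
            "missing": len(fr_a) - matched, "extra": len(fr_b) - matched}

def make_pcap(linktype, frames):
    """Build a little-endian pcap in memory (constructed sample input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Constructed frames, not real traffic: three "pings", one lost on replay.
    pings = [b"constructed-icmp-frame-%d" % i for i in range(3)]
    sent = make_pcap(1, pings)                       # 1 = Ethernet
    seen = make_pcap(1, pings[:2] + [b"other-traffic"])
    print(compare_replay(sent, seen))
```

On real files, pass the bytes of the replayed pcap and of the recapture to compare_replay. A differing linktypes pair, or matched = 0 with extra > 0, means the recapture saw traffic but not the replayed frames.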