> I just tried this and it worked.
>
> 1) log some ping packets:
>
> daemonlogger -i en0 -c 20 icmp
>
> 2) replay the packets
>
> daemonlogger -R daemonlogger.pcap.1196963946 -o en0
>
> 3) run tcpdump to capture and compare the output
>
> tcpdump -nvi en0 icmp
Yes Martin, you are absolutely right: it works fine. Maybe I was confusing some flags or working on too much traffic (your example, taking only a few ICMP packets, is so clear).
> What kind of interface is vr0 (what link type)?
[root@ares /]# ifconfig | grep media:
media: Ethernet 100baseTX <full-duplex>
It's a vr(4)-based NIC on a FreeBSD 7.0-beta3 system. I have to repeat that it's my personal computer at home.
Someone responded to my initial question privately and said:
"all tools (including tcpreplay and tomahawk) max speed is 200Mbps-300Mbps, for more performance, add host ... "
Is that also the case for daemontools? Maybe I need more...
--
Thanks
Jordi Espasa Clofent