Wireshark-users: [Wireshark-users] Playing trace/capture file in tcpreplay and reading out w/wire
From: Netfortius <netfortius@xxxxxxxxx>
Date: Wed, 20 Sep 2006 21:25:24 -0500
On a MacOSX, using the latest (0.99.3a) version of wireshark, I am attempting 
to run in one terminal a:

$ sudo tcpreplay -i lo0 capture-file.cap (or even -R to speed up the process)

while in a wireshark *session* reading out of the same lo0 (local interface on 
a MacOSX), but I am getting for all traffic IP header length = 0 (should be 
at least 20), thus nothing interpreted.

The capture-file.cap was previously obtained via a wireshark capture session 
of a real TCP session, produced *against* a real network interface (en0 
in the case of this specific MacOSX system I am working with).

If I open the capture file - itself - in wireshark, everything looks fine.

Is there any logic fault here (wrong assumption of mine that I could write to 
the local interface, using tcpreplay, while capturing from the same, while 
using wireshark), or am I missing something else here?

Please do not ask me why I would not simply read the file in wireshark - I am 
shooting for something different here, and this is just one (first) step.

Thanks,
Stefan
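
An added example, not part of the original message: a Python check of whether a capture file's link-layer type matches the interface it is replayed onto, and what a dissector computes when it does not. It assumes the likely cause, which the message does not state, is that lo0 on macOS uses BSD loopback framing (DLT_NULL, 4-byte header) while a capture taken on en0 holds Ethernet frames (DLT_EN10MB, 14-byte header). The file header and frame bytes are constructed, with a destination MAC chosen so the misread byte is 0x40.

```python
import struct

DLT_NULL = 0      # BSD loopback: 4-byte address-family header (lo0 on macOS)
DLT_EN10MB = 1    # Ethernet: 14-byte header
LINK_HDR_LEN = {DLT_NULL: 4, DLT_EN10MB: 14}
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond / nanosecond timestamps

def pcap_linktype(file_header: bytes) -> int:
    """Return the link-layer type from a 24-byte classic pcap global header."""
    if len(file_header) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", file_header[:4])
        if magic in PCAP_MAGICS:
            return struct.unpack(endian + "I", file_header[20:24])[0]
    raise ValueError("not a classic pcap file")

def ip_header_len(frame: bytes, linktype: int) -> int:
    """IPv4 header length (bytes) a dissector derives after skipping the
    link-layer header that `linktype` says is present."""
    offset = LINK_HDR_LEN[linktype]
    if len(frame) <= offset:
        raise ValueError("frame shorter than link-layer header")
    return (frame[offset] & 0x0F) * 4

def replay_mismatch(file_linktype: int, iface_linktype: int) -> bool:
    """True when the frames in the file are not in the interface's framing."""
    return file_linktype != iface_linktype

# Constructed sample: global header of a capture taken on an Ethernet interface.
SAMPLE_PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                                 DLT_EN10MB)
# Constructed sample: Ethernet header (dst MAC, src MAC, EtherType IPv4)
# followed by a 20-byte IPv4 header (192.0.2.1 -> 192.0.2.2, checksum unset).
SAMPLE_FRAME = (bytes.fromhex("001122334055" "0a0b0c0d0e0f" "0800")
                + bytes.fromhex("450000140000000040060000c0000201c0000202"[:40]))

if __name__ == "__main__":
    file_lt = pcap_linktype(SAMPLE_PCAP_HEADER)
    print("file link type:", file_lt)
    print("mismatch with lo0 (DLT_NULL):", replay_mismatch(file_lt, DLT_NULL))
    print("header length read as Ethernet:", ip_header_len(SAMPLE_FRAME, DLT_EN10MB))
    print("header length read as DLT_NULL:", ip_header_len(SAMPLE_FRAME, DLT_NULL))
```

Read as DLT_NULL, the byte taken for version/IHL is the fifth byte of the destination MAC, so the reported header length depends on the MAC addresses in the capture.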