Wireshark-users: Re: [Wireshark-users] Playing trace/capture file in tcpreplay and reading out w/
On Friday 22 September 2006 09:33, Richard Bejtlich wrote:
> Netfortius wrote:
> > You're probably right - I do remember having been able to do something
> > similar on Linux
>
> Linux's loopback device has a link-layer type of Ethernet; the BSD one
> doesn't.
>
> > (not with wireshark
>
> There's nothing Wireshark-specific about this; you'd probably see the
> same problem if you used tcpdump rather than Wireshark.
>
> > - but originating in tcpreplay - which definitely
> > points the problem to this one), so it is probably a kernel modification
> > and/or libnet problem with the BSD *under* MacOSX' hood ... :(
>
> What you need is a version of tcpreplay that will at least try to
> translate Ethernet packet headers to BSD loopback packet headers; you're
> unlikely ever to see a version of OS X (or any other BSD) with loopback
> devices using a link-layer type other than BPF_NULL or BPF_LOOP.
>
> You can use tap0 on FreeBSD to get loopback-like functionality.
>
> http://taosecurity.blogspot.com/2006/09/using-tap0-with-tcpreplay.html
>
> Sincerely,
>
> Richard
Thanks to Richard I got a direction to follow. As my question pertained to
MacOSX - which does not provide a tap0 by default - I had to resort to:
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
The problem is that my initial attempts have not been fully successful, but
this is a matter way off-topic for the wireshark mailing list. I wanted to
provide the link above just for completeness and closure of this thread.
Thanks again to both Guy and Richard for their help.
Stefan
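
Added example, not part of the original thread and not tcpreplay's code: a sketch of the header translation described in the quoted reply, replacing the 14-byte Ethernet header with the 4-byte address-family header used by the link-layer types libpcap calls DLT_NULL and DLT_LOOP. The function name, the per-OS AF_INET6 table and the sample frame are assumptions constructed for illustration.

```python
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4, ETHERTYPE_IPV6, ETHERTYPE_VLAN = 0x0800, 0x86DD, 0x8100
AF_INET = 2  # same value on the BSDs and Mac OS X
# AF_INET6 differs per OS; the header must carry the receiving host's value.
AF_INET6_BY_OS = {"darwin": 30, "freebsd": 28, "openbsd": 24, "netbsd": 24}


def ether_to_bsd_loopback(frame, target_os="darwin", dlt="NULL", byteorder="little"):
    """Swap the Ethernet header for the 4-byte BSD loopback header.

    DLT_NULL stores the address family in the host's byte order (pass the
    target host's order as `byteorder`); DLT_LOOP always uses network order.
    """
    if len(frame) < ETH_HLEN:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = ETH_HLEN
    while ethertype == ETHERTYPE_VLAN:  # skip 802.1Q tag(s): TCI + inner type
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        ethertype = struct.unpack_from("!H", frame, offset + 2)[0]
        offset += 4
    if ethertype == ETHERTYPE_IPV4:
        family = AF_INET
    elif ethertype == ETHERTYPE_IPV6:
        family = AF_INET6_BY_OS[target_os]
    else:
        # ARP and other non-IP frames have no loopback equivalent.
        raise ValueError("EtherType 0x%04x cannot be sent on loopback" % ethertype)
    if dlt == "LOOP":
        fmt = "!I"
    else:
        fmt = "<I" if byteorder == "little" else ">I"
    return struct.pack(fmt, family) + frame[offset:]


# Constructed sample: zeroed MAC addresses, EtherType IPv4, stub IPv4 header.
SAMPLE_FRAME = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19)

if __name__ == "__main__":
    print(ether_to_bsd_loopback(SAMPLE_FRAME).hex())
```

Frames that are not IPv4 or IPv6 are rejected rather than rewritten, since the loopback header has no field that could describe them.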