You might want to check out DaemonLogger, it's got a replay mode as well
as a real-time tap mode as well as being a packet logger itself.
Basically, DaemonLogger can capture traffic off of one interface direct
to the disk (logger mode), retransmit it out another interface in
real-time (tap mode) or replay a pcap file (replay mode).
You can get it at
http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html.
Very great tool Martin!
I cannot understand exactly the way to do what I want. I've tried it in
my own personal computer at home (with only 1 NIC, vr0).
1) Sniffing the traffic in very big chunks of time/data (1GB)
$ daemonlogger -i vr0 -c 1000000000
2. Replay the traffic on the same NIC
$ daemonlogger -R daemonlogger.pcap.1196961141 -o vr0
To check the re-injection process I quit the ethernet wire and launch a
tcpdump instance at the same time I lauch the step number 2; I think the
tcpdump should show traffic, so it's completely localhost traffic.
$ tcpdump -i vr0 -v
...but no traffic is showed.
¿It means that the re-injection process is incorrect?
¿How to do it?
--
Thanks
Jordi Espasa Clofent
-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
