Thursday, August 27, 2015

Part III: Troubleshooting absent multicast traffic

Sometimes our software does not work as we expect. It should work, but it does not. Replaying multicast traffic with tcpreplay is no exception.

A common symptom is that you follow all the steps from Part I and Part II but still can't see the traffic on the UDP port. Even stranger, you can still capture the network data with tcpdump -i interface host ipaddress or tcpdump -i interface port portNumber. The worst situation is when you are not able to google the answer.

Here is some advice that could save time:

1. Check with the ip maddr command that your interface is set up to listen for multicast traffic. You should see the IP address of the multicast group you are waiting for data from.

2. Check that the destination MAC address is the same as the MAC of your network interface (or at least FF:FF:FF:FF:FF:FF, i.e. broadcast). In my case I had a pcap with a MAC address equal to all zeros (00:00:00:00:00:00), and I managed to read the traffic with tcpdump but was not able to see it as multicast on the UDP port (that did not work even with promiscuous mode on).

3. Pay attention to the pktlen parameter of the tcpreplay tool (that did not work in my case, but why not try).

4. Run tcprewrite --fixcsum -F pad --infile=input.pcap --outfile=out.pcap (after that, out.pcap could be successfully replayed and captured).
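
The checks from points 2 and 4 can be run against the pcap itself before replaying it. The script below is an added example, not part of the original post: it reads a classic little-endian pcap of Ethernet frames and reports, per packet, a destination MAC that is neither the interface's nor broadcast, a captured length shorter than the wire length, and an invalid IPv4 header checksum. The function names, NIC_MAC and the embedded SAMPLE capture are constructed for the illustration.

```python
import struct

def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum of an IPv4 header; 0 means the stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def audit_pcap(data: bytes, nic_mac: str):
    """Return [(packet_no, [problems])] for a little-endian classic pcap of Ethernet frames."""
    if len(data) < 24 or struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    accepted = {nic_mac.lower(), "ff:ff:ff:ff:ff:ff"}  # the two values named in point 2
    findings, off, num = [], 24, 0
    while off + 16 <= len(data):
        caplen, wirelen = struct.unpack("<II", data[off + 8:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off, num, problems = off + 16 + caplen, num + 1, []
        dst = ":".join("%02x" % b for b in frame[:6])
        if dst not in accepted:
            problems.append("dst mac " + dst)
        if caplen < wirelen:  # captured data shorter than the packet: candidate for -F pad
            problems.append("truncated %d/%d" % (caplen, wirelen))
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # EtherType IPv4
            ihl = (frame[14] & 0x0F) * 4
            if ihl >= 20 and len(frame) >= 14 + ihl and ip_checksum(frame[14:14 + ihl]):
                problems.append("bad ip checksum")  # candidate for --fixcsum
        findings.append((num, problems))
    return findings

def _record(dst: bytes, fix_csum: bool, wirelen: int) -> bytes:
    """Constructed pcap record: a 46-byte Ethernet/IPv4/UDP frame to group 239.1.1.1."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 1, 17, 0,
                               bytes([10, 0, 0, 1]), bytes([239, 1, 1, 1])))
    if fix_csum:
        ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    udp = struct.pack("!HHHH", 5000, 5000, 12, 0) + b"data"
    frame = dst + bytes.fromhex("020000000001") + b"\x08\x00" + bytes(ip) + udp
    return struct.pack("<IIII", 0, 0, len(frame), wirelen) + frame

NIC_MAC = "02:00:00:00:00:aa"  # constructed address, stands in for your interface's MAC
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
          + _record(bytes(6), False, 60)                            # all-zero MAC, cut short, no checksum
          + _record(bytes.fromhex("0200000000aa"), True, 46))       # clean packet

if __name__ == "__main__":
    for num, problems in audit_pcap(SAMPLE, NIC_MAC):
        print(num, problems or "ok")
```

To audit a real capture, pass open("input.pcap", "rb").read() and the MAC of the replay target's interface instead of SAMPLE and NIC_MAC.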


Hope this helps.
