Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Playing trace/capture file in tcpreplay and reading out w/

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 20 Sep 2006 19:53:34 -0700
Netfortius wrote:
On a MacOSX, using the latest (0.99.3a) version of wireshark, I am attempting to run in one terminal a:

$sudo tcpreplay -i lo0 capture-file.cap (or even -R to speed up the process)

while in a wireshark *session* reading out of the same lo0 (local interface on a MacOSX), but I am getting for all traffic IP header length = 0 (should be at least 20), thus nothing interpreted.

The capture-file.cap was previously obtained via a wireshark capture session of a real TCP session, produced with *against* a real network interface (en0 in the case of this specific MacOSX system I am working with).

Does tcpreplay support reading from a capture file on an Ethernet interface (with a link-layer type of DLT_EN10MB) and sending it on a BSD loopback interface (with a link-layer type of DLT_NULL)?

If not, that's the problem.