I’ve noticed a certain pattern come up more and more recently and so I’d just like to make a public statement about asking for help with using tcpreplay:
Occasionally people are testing some kind of top secret device with tcpreplay and can’t tell me how it works or what it does or share their pcap file (because it has some kind of exploit or something like that I guess), but expect me to help them figure out why it can’t “see” the traffic tcpreplay sends. That’s a lot like asking your car mechanic to fix your car, but you won’t let them look at it because you’ve modified the engine to run on tap water and don’t want the mechanic to figure out your secret. As you might imagine, this is both very frustrating and a huge waste of my time.
Simply put, if you see the traffic in Wireshark or tcpdump, but your device under test can’t see it, then it’s most likely either a) bug in your product, b) you’ve miss-configured tcpreplay or c) you’ve got a bad pcap. You’ve pretty much ruled out a bug in tcpreplay at that point. Hence if you want help with determining if it’s A, B or C you’re going to have to give me your pcap, tell me what your product does and some basics about how it works under the hood. Honestly, I wouldn’t consider any of this at the company secrets level unless you’re hacking directly in kernel-space and are completely avoiding the well known socket API’s, but that’s your call.
Anyways, if you’re unable to tell the whole world on this mailing list the above, then your other option is to hire me as a consultant (for a price) at which point I’d be happy to sign an NDA to keep your secrets and we can work off list. Other then that, your best bet is to try and figure it out on your own, but please don’t ask me or the list for help to your problem.
Thanks,
Aaron