Tcpreplay not work for sniffing interface
750 views
Skip to first unread message
Abdulvehhab Agin
Aug 25, 2016, 2:53:46 AM8/25/16
to security-onion
Hi,
I installed lastest SO, with a server and a sensor.
Sensor has a management interface (eth0), two sniffing interfaces (eth1,eth2).
when i want to run
tcpreplay -ieth1 -M10 /opt/samples/*
throw an error Invaild interface name/alias eth1
but "ifconfig -a" shows there is eth0,eth1,eth2
Thanlks
Wes
Aug 25, 2016, 6:25:03 AM8/25/16
to security-onion
Have you tried running it with "sudo"?
Ex. sudo tcpreplay -ieth1 -M10 /opt/samples/*
Thanks,
Wes
Abdulvehhab Agin
Aug 25, 2016, 8:17:01 AM8/25/16
to security-onion
Yes, i tried but not working.
When i type in bash:
$ ipconfig : it gives
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.66.133 Bcast:192.168.66.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe74:2ed2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21983 (21.9 KB) TX bytes:30701 (30.7 KB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6143 (6.1 KB) TX bytes:6143 (6.1 KB)
--------------------------------
$ifconfig -a -> gives
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.66.133 Bcast:192.168.66.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe74:2ed2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:166 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:40531 (40.5 KB) TX bytes:44351 (44.3 KB)
Interrupt:19 Base address:0x2000
eth1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Base address:0x2080
eth2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16 Base address:0x2400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:92 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13621 (13.6 KB) TX bytes:13621 (13.6 KB)
********************************************************************
When i tried:
sudo tcpreplay -ieth0 -M10 /opt/samples/*
no problem but
When i tried:
sudo tcpreplay -ieth1 -M10 /opt/samples/* OR
sudo tcpreplay -ieth2 -M10 /opt/samples/*
Fatal Error in tcpreplay.c:post_args() line 455:
Invalid interface name/alias: eth1
25 Ağustos 2016 Perşembe 13:25:03 UTC+3 tarihinde Wes yazdı:
When i type in bash:
$ ipconfig : it gives
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.66.133 Bcast:192.168.66.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe74:2ed2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21983 (21.9 KB) TX bytes:30701 (30.7 KB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6143 (6.1 KB) TX bytes:6143 (6.1 KB)
--------------------------------
$ifconfig -a -> gives
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.66.133 Bcast:192.168.66.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe74:2ed2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:166 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:40531 (40.5 KB) TX bytes:44351 (44.3 KB)
Interrupt:19 Base address:0x2000
eth1 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Base address:0x2080
eth2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16 Base address:0x2400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:92 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13621 (13.6 KB) TX bytes:13621 (13.6 KB)
********************************************************************
When i tried:
sudo tcpreplay -ieth0 -M10 /opt/samples/*
no problem but
When i tried:
sudo tcpreplay -ieth1 -M10 /opt/samples/* OR
sudo tcpreplay -ieth2 -M10 /opt/samples/*
Fatal Error in tcpreplay.c:post_args() line 455:
Invalid interface name/alias: eth1
25 Ağustos 2016 Perşembe 13:25:03 UTC+3 tarihinde Wes yazdı:
Abdulvehhab Agin
Aug 25, 2016, 9:31:12 AM8/25/16
to security-onion
I solved problem:
Vmware blocked promicious mode in defaut
When i change:
/etc/init.d/vmware
vmwareStartVmnet() {
vmwareLoadModule $vnet
"$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
chmod a+rw /dev/vmnet*
}
It allows promicuos mode:
http://xmodulo.com/how-to-use-virtual-ethernet-adapters-in-promiscuous-mode-on-vmware.html
And i will up eth1, and eth2 via
ifconfig eth1 up
ifconfig eth2 up
tcpreplay is working
Thanks
25 Ağustos 2016 Perşembe 15:17:01 UTC+3 tarihinde Abdulvehhab Agin yazdı:
Vmware blocked promicious mode in defaut
When i change:
/etc/init.d/vmware
vmwareStartVmnet() {
vmwareLoadModule $vnet
"$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
chmod a+rw /dev/vmnet*
}
It allows promicuos mode:
http://xmodulo.com/how-to-use-virtual-ethernet-adapters-in-promiscuous-mode-on-vmware.html
And i will up eth1, and eth2 via
ifconfig eth1 up
ifconfig eth2 up
tcpreplay is working
Thanks
25 Ağustos 2016 Perşembe 15:17:01 UTC+3 tarihinde Abdulvehhab Agin yazdı:
Reply all
Reply to author
Forward
0 new messages