Wireshark is not capturing my PCAP file I replayed using Tcpreplay?

One of my metrics is to test out Wireshark's accuracy of packet captures. I want to replay the pcap file I have, with the images I know I have inside it, on my eth0 network. I set up Ettercap and Wireshark and selected my targeted hosts. However, Wireshark cannot even track the attempt of pcap files.

Please advise what I have missed here.

sarah
asked 2019-11-19 02:32:37 +0000, updated 2019-11-19 15:39:54 +0000

Comments

  • Does Wireshark capture anything on the interface, not just with TCPreplay?
  • I assume you use a non-Windows platform? Which one? What Wireshark version are we talking about?
  • Do other tools detect the traffic on the interface?
  • How do you replay the capture file on the interface?
Jaap (2019-11-19 05:37:44 +0000)

Yes, Wireshark can capture other packets such as http and ftp sessions without Tcpreplay. I set up a VirtualBox on my MacBook Pro. I am accessing Wireshark through Kali as it's preloaded. Version 2.6.8. By other tools, do you mean a tool such as Xplico? On the terminal I run tcpreplay --intf1=eth0 pcap.pcap

The packet states it's sent, but it has not been detected on Wireshark.

sarah (2019-11-19 15:23:26 +0000)

Do you think I may need to set an IP address in the pcap files, or can I set an IP address on the command line when typing up the tcpreplay?

sarah (2019-11-19 15:27:12 +0000)

Take a closer look at what tcpreplay is sending:

tcpreplay -v -A e -i eth0 pcap.pcap

Exclude Wireshark from the initial testing. Use tcpdump on the same machine running tcpreplay (excluding port 22 if you are connected with ssh)

tcpdump -i eth0 -p  -Q out -e  not port 22

Once it's working with tcpdump then try the capture with Wireshark.
Verify that the capture interface is running in promiscuous mode.
If Wireshark is not running on the same machine as tcpreplay then check here:
https://wiki.wireshark.org/CaptureSet...
for information on setting up a SPAN port if needed.

Chuckc (2019-11-19 16:52:39 +0000)

Thank you. I reinstalled Kali and tested tcpdump to capture pcap.pcap with and it worked. Afterwards I tested it with Wireshark and it captured all images and files within my pcap file.

sarah (2019-11-23 23:44:03 +0000)
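Added example (not part of the original thread, and not Wireshark or tcpreplay code): one way to turn the "accuracy of packet captures" metric from the question into a number is to compare the replayed file with the file the capture tool wrote, frame by frame. It assumes both files are classic pcap with frames captured in full; the function names and the sample frames are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

# Magic numbers of the classic libpcap format (microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def read_frames(data):
    """Return the captured bytes of every record in a classic pcap file image."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is detected from the magic
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not classic pcap (pcapng must be converted first)")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # truncated final record, e.g. the capture was stopped mid-write
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames

def compare(replayed, captured):
    """Count replayed frames missing from the capture, and extra captured frames."""
    sent = Counter(hashlib.sha256(f).digest() for f in read_frames(replayed))
    seen = Counter(hashlib.sha256(f).digest() for f in read_frames(captured))
    return {"sent": sum(sent.values()),
            "missing": sum((sent - seen).values()),
            "extra": sum((seen - sent).values())}

def build_pcap(frames, endian="<"):
    """Constructed sample input: wrap raw frames in a minimal Ethernet pcap image."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack(endian + "IIII", i, 0, len(f), len(f)) + f
    return out

# Constructed frames (not real traffic): 14-byte Ethernet header plus padding.
SAMPLE = [bytes([i]) * 6 + b"\x02" * 6 + b"\x08\x00" + bytes(46) for i in range(4)]
REPLAYED = build_pcap(SAMPLE)
# The constructed "capture" lost frame 2 and picked up one unrelated frame.
CAPTURED = build_pcap(SAMPLE[:2] + SAMPLE[3:] + [b"\xff" * 60], endian=">")

if __name__ == "__main__":
    print(compare(REPLAYED, CAPTURED))
```

With real files, pass the bytes of the replayed pcap and of the file written by tcpdump -w. Wireshark saves pcapng by default, so a Wireshark capture has to be saved in pcap format before this comparison.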