On a MacOSX, using the latest (0.99.3a) version of wireshark, I am attempting
to run in one terminal a:
$sudo tcpreplay -i lo0 capture-file.cap (or even -R to speed up the process)
while in a wireshark *session* reading out of the same lo0 (local interface on
a MacOSX), but I am getting for all traffic IP header length = 0 (should be
at least 20), thus nothing interpreted.
The capture-file.cap was previously obtained via a wireshark capture session
of a real TCP session, produced with *against* a real network interface (en0
in the case of this specific MacOSX system I am working with).
If I open the capture file - itself - in wireshark, everything looks fine.
Is there any logic fault here (wrong assumption of mine that I could write to
the local interface, using tcpreplay, while capturing from the same, while
using wireshark), or am I missing something else here?
Please do not ask me why I would not simply read the file in wireshark - I am
shooting for something different here, and this is just one (first) step.
Thanks,
Stefan