Netfortius wrote:
You're probably right - I do remember having been able to do something similar
on Linux
Linux's loopback device has a link-layer type of Ethernet; the BSD one
doesn't.
(not with wireshark
There's nothing Wireshark-specific about this; you'd probably see the
same problem if you used tcpdump rather than Wireshark.
- but originating in tcpreplay - which defintely
points the problem to this one), so it is probably a kernel modification
and/or libnet problem with the BSD *under* MacOSX' hood ... :(
What you need is a version of tcpreplay that will at least try to
translate Ethernet packet headers to BSD loopback packet headers; you're
unlikely ever to see a version of OS X (or any other BSD) with loopback
devices using a link-layer type other than BPF_NULL or BPF_LOOP.
You can use tap0 on FreeBSD to get loopback-like functionality.
http://taosecurity.blogspot.com/2006/09/using-tap0-with-tcpreplay.html
Sincerely,
Richard