tcpreplay traffic not being seen in localhost with netcat
I have a pcap file that I modified with tcprewrite to set source and destination IP = 127.0.0.1, while the port numbers are different. I also set both mac addresses to 00:00:00:00:00:00 as I understand that comms over localhost ignore MAC. I made sure checksum was fixed.
When I run tcpreplay -i lo test-lo.pcap in one shell, and tcpdump -i lo -p udp port 50001 in another, I see the traffic. Yet, when I try to view the traffic with netcat -l -u 50001, it sees nothing. Wireshark is capturing the traffic correctly.
Side note: I'm seeing the following warning when running tcpreplay on localhost:
Warning: Unsupported physical layer type 0x0304 on lo. Maybe it works, maybe it won't. See tickets #123/318 That seems worrisome.
I'm asking because my own UDP listener code is also having the same problem as netcat and thought that maybe I'm missing something. Why would traffic be seen by tcpdump and wireshark, and not by netcat?
I'm asking because my own UDP listener code is also having the same problem as netcat and thought that maybe I'm missing something. Why would traffic be seen by tcpdump and wireshark, and not by netcat?
Look at this image of the kernel packet flow from wikipedia:
As you can see, there are different places along the path where packets can be accessed. Wireshark uses libpcap, which uses an AF_PACKET socket to see packets. Your UDP listener, like netcat, uses regular user-space sockets. Let's highlight both on this image. Wireshark obtains packets via the red path, netcat via the purple one:
As you can see, there is a whole sequence of steps packets have to go through in the kernel to get to a local process socket. These steps include bridging, routing, filtering etc. Which step drops your packets? I don't know. You can try tweaking the packets and maybe you'll get lucky.
If you want a more systematic approach, use a tool like dropwatch. It hooks into the kernel and shows you counters of where the kernel drops packets.
- Unable to receive vídeo Stream from tello drone
- What are the chances of losing a UDP packet?
- How to make Gstreamer RTSP -> UDP -> RTSP low latency pipeline?
- How to build a raw UDP packet in C++?
- Why doesn't error occur in UDP socket communication?
- Error correcting codes for packet loss (UDP)
- Can UDP data be delivered corrupted?
- Lwip on mbed-os 5 doesn't make a proper ethernet connection
- 'L3PacketSocket' object has no attribute 'ins' when using send command
- Node.js: Receiving too many UDP messages at a time, losing them
- Reed Solomon and UDP packet loss/corruption handling
- Is there any possible way to send Udp requests faster in SharpPcap (.NET 8)?
- broadcast UDP from docker (on Windows host) does not make it to the LAN
- Boost asio, timer inside async_receive_from wont trigger
- Why the first client seems to have source ip of 0.0.0.0?
- How to send UDP Packet with specify address
- C# UdpCLient.Receive doesn't receive any data on different machine
- (C# / .NET 8.0) Why can't I receive then send data from UdpClients created and used in separate threads?
- Send Broadcast UDP but not receive it on other Android devices
- How to read UDP packet with variable length in C
- Catching "bind: address already in use"
- Accessing the packet data including the IP header from a UDP packet in C#
- How to "reply" to a UDP packet with IPv6
- Errno: 11, Resource Temporarily Unavailable
- Send image over UDP to Unreal Engine and load it there
- Got "failed to sufficiently increase receive buffer size" error for cloudflared
- Size of empty UDP and TCP packet?
- Python socket.error: [Errno 13] Permission denied
- udp select timeout issues. Either timing out or reading from all clients
- Select between TCP socket and UDP socket(c)