Cannot replay capture file

JLeveillee · ‎03-13-2015

Installed the test environment for DNS FW. I have done a packet capture via the Grid Manager on a DNS server. When I upload the traffic capture file and run it in the test environment I get an error message. Any suggestion on how to fix this issue? I also tried to upload the syslog I downloaded via Grid Manager and that did not work, either!

--- 2015-03-02 13:56:01 ---

Check Testbed:

Grid Master connection for DNSFW is OK

Reporting member connection is OK

DNS service is OK

NTP service is OK

Reporting service is OK

RPZ feed is synchronized

--- 2015-03-02 14:08:33 ---

File traffic.cap has been successfully uploaded

--- 2015-03-02 14:08:55 ---

Play PCAP file 'traffic.cap' with DNS IP 7.7.7.7:

Filtering pcap file...

reading from file /opt/uploads/packet_captures/traffic.cap, link-type LINUX_SLL (Linux cooked)

Rewriting dst ip/mac of packets in pcap file...

Fatal Error in tcpedit.c:tcpedit_packet() line 114:

From ./plugins/dlt_linuxsll/linuxsll.c:dlt_linuxsll_encode() line 219:

DLT_LINUX_SLL plugin does not support packet encoding

Error rewriting dst ip/mac

ems · ‎03-17-2015

Hi Jerry,

Thank you for posting your question. I've reached out to a few people internally that should be responding shortly. Feel free to reach out directly if needed to: erics @ infoblox (dot) com

Best,

Eric

ems · ‎03-18-2015

Hi Jerry,

Spoke with one of our folks who recommended doing the following. Please let us know if this resolved the issue for you.

1. Convert the pcap file from LINUX_SLL to EN10MB format using tcprewrite:

tcprewrite --dlt=enet --infile=<input-pcapfile> --outfile=<output-pcapfile>

Then you should be able to upload the converted pcap file to the GuideVM and retry the playback.

THE GAME HAS CHANGED

Freeware & Evaluations

Cannot replay capture file

Hi Jerry,

Hi Jerry, Spoke with one of our folks who recommended doi...