Multicast from tcp replay seen by wireshark but not by application

Question

I have got a multicast packet capture I'm playing with tcpreplay:

sysctl net.ipv4.conf.all.rp_filter=0
sysctl net.ipv4.conf.eth0.rp_filter=0
tcpreplay -i eth0 --loop=100 new.pcap

I watch the traffic on eth0 with wireshark and I can see the packets I'm interested in (let's say 224.0.23.60:4937).

But the following python app cannot find the packets:

import socket
import struct

MCAST_GRP = '224.0.23.60'
MCAST_PORT = 4937

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind((MCAST_GRP, MCAST_PORT))  # use MCAST_GRP instead of '' to listen only
                         # to MCAST_GRP, not all groups on MCAST_PORT
mreq = struct.pack("4sl", socket.inet_aton(MCAST_GRP), socket.INADDR_ANY)

sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

while True:
   print '#'
   print sock.recv(64)

netstat -g is giving the following output:

lo              1      all-systems.mcast.net
eth0            1      224.0.23.60

Am I missing something here ?

[Edit] I should precise that the ip src in my packet capture is not in the same network subdomain (ip src: 192.168.1.10) whereas my ip is something like 146.186.197.164.

Well apparently tcpreplay is able to play udp packets, because I can see the udp mulitcast packets in wireshark. — Nico, Nov 21 '17 at 14:48
Your app sending nothing [Check this](https://stackoverflow.com/questions/12607516/python-udp-broadcast-not-sending) — dsgdfg, Nov 21 '17 at 15:25
@dsgdfg My app is only listening, traffic is generated by tcpreplay with packet capture (pcap). — Nico, Nov 21 '17 at 15:38

score 1 · Answer 1 · answered Nov 24 '17 at 10:03

After reading carefully the documentation (http://tcpreplay.synfin.net/wiki/FAQ), it seems that tcpreplay sends the packets between the TCP/IP stack and the ethernet device driver, therefore the TCP/IP stack of the host system never sees the packets.

I ended up using a debian Os with virtual box configured with the host only adapter and use tcpreplay in that machine.

score 0 · Answer 2 · answered Feb 01 '23 at 13:33

Now, it is mentioned clearly on the FAQ page.

https://tcpreplay.appneta.com/wiki/faq.html#can-i-send-packets-on-the-same-computer-running-tcpreplay

Q: Can I send packets on the same computer running tcpreplay?

Generally speaking no. When tcpreplay sends packets, it injects them
between the TCP/IP stack of the system and the device driver of the
network card. The result is the TCP/IP stack system running tcpreplay
never sees the packets.

One suggestion that has been made is using something like VMWare,
Parallels or Xen. Running tcpreplay in the virtual machine (guest)
would allow packets to be seen by the host operating system.

Multicast from tcp replay seen by wireshark but not by application

2 Answers2