On Unix, how to simulate the exact same network traffic that was previously recorded?
I have a LAN made of 2 machines:
A local PC with interface eth0 and IP 192.168.1.1. On this PC runs a code C that listens to eth0, grabs UDP packets and produces a result with them.
A remote hardware with IP 192.168.1.10. The hardware needs an initialization step (configuration, handshake, acknowledgment) and needs to be maintained active with a heartbeat. As long as the hardware is active, it sends data (grabbed by the local PC at the other end). All the different communications are done through different ports (see picture).
On the local PC, I plug the remote running HW, run tcpdump -i eth0 -w dump.pcap & (running in background), and just after that I run the code C that uses UDP packets received from HW (in parallel tcpdump is running). This produces a result R1 on the local PC: R1 is valid and can be post-processed.
Now, after the record dump.pcap is done, I leave the remote HW running (otherwise eth0 dies - ip a no longer associates an IP to eth0), I run tcpreplay -K --intf1=eth0 dump.pcap & (running in background), and just after that I re-run the code C that uses UDP packets received from tcpreplay running in parallel (at least, that's my understanding of what should occur). The traces when C runs look correct (initialization OK, no error, running / receiving looks OK). Unfortunately, C produces another result R2... which is different from R1: R2 is invalid and cannot even be post-processed?! The size of R2 is about the size of R1 but seems to be filled with zero/uninitialized data.
Is it possible to simulate the exact same traffic as the one that was previously recorded? If yes, what did I miss or what am I doing wrong?
Note: I use a bash script to run tcpdump and C just one after the other when recording, and run tcpreplay and C just one after the other when replaying (trying to do things the same way with similar delays as much as possible).
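
An added example, not part of the original question: tcpdump -i eth0 records both what the local PC sent (configuration, handshake, heartbeat) and what the hardware sent (data), and tcpreplay by default sends every packet in the file. This Python code lists the UDP flows of a classic pcap file by direction so the two can be told apart before replaying; the function names, the ports 5000 and 6000 and the sample capture are constructed for illustration.

```python
import struct, sys
from collections import Counter

PC_IP, HW_IP = "192.168.1.1", "192.168.1.10"   # addresses from the question

def udp_flows(pcap):
    """Count UDP packets per (src, dst, dst_port) in a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                      # not IPv4/UDP (VLAN tags not handled)
        ihl = (frame[14] & 0x0F) * 4
        frag_off = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frag_off or len(frame) < 14 + ihl + 4:
            continue                      # later fragment or truncated header
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        dport = struct.unpack("!H", frame[16 + ihl:18 + ihl])[0]
        flows[(src, dst, dport)] += 1
    return flows

def split_by_direction(flows):
    """Group packet counts per destination port by who sent them."""
    sent = {"pc_to_hw": {}, "hw_to_pc": {}}
    for (src, dst, dport), n in flows.items():
        key = {(PC_IP, HW_IP): "pc_to_hw", (HW_IP, PC_IP): "hw_to_pc"}.get((src, dst))
        if key:
            sent[key][dport] = n
    return sent

def sample_pcap():
    """Constructed capture: 1 config packet PC->HW, 3 data packets HW->PC."""
    def frame(src, dst, dport, payload=b"x"):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        eth = bytes(12) + b"\x08\x00" + ip + udp
        return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + frame(PC_IP, HW_IP, 5000) + frame(HW_IP, PC_IP, 6000) * 3

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    for direction, ports in split_by_direction(udp_flows(data)).items():
        print(direction, ports)
```

Run with the capture file as the only argument (for example dump.pcap) to get, per direction, a map of destination port to packet count; without an argument it runs on the constructed sample.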