Hi, I would like to forward pcap data using tcpreplay on a remote machine which has installed a stream forwarder to forward the pcap data to my local machine. In my local machine, I have installed splunk stream but I did not receive any pcap data when I run tcpreplay on my remote machine.
e.g. I ran this on my remote machine, but it didnt worked. So I tried installing a universal forwarder.
./streamfwd -r '/root/Desktop/mypacket.pcap' -s http://:8889
e.g. using universal forwarder
sudo ./splunk add forward-server :9997
then I added the directory to monitor.
./splunk add monitor /root/Desktop -sourcetype pcap_capture -index wireshark_pcaptest
(is that how universal forwarder works like it monitors traffic in the desktop directory since im running tcpreplay on my desktop ?)
So my question is how do I receive pcap data using the both methods as mentioned above ? Because I want to simulate a real-time traffic through tcpreplay. (please correct my understanding)