In my experience, tcp-replay is only useful if you rewrite the ethernet and ip headers. Have a look at what the destination IP address and mac address is of the snmp trap packets and compare that with the interface you expect to capture on.
- See what you've got:
sudo tcpdump -qns 0 -r traps.pcap
- Rewrite the source and destination mac addresses , and the destination MAC (in this case, it's my macbooks en3 interface)
tcprewrite --infile=traps.pcap --outfile=rewritten.pcap -D 0.0.0.0/0:192.168.0.26 -S 0.0.0.0/0:192.168.0.2 --enet-dmac=ac:87:a3:35:cf:84
- Fix checksums
tcprewrite --infile=rewritten.pcap --outfile=final.pcap --fixcsum
- Run the sequence:
tcpreplay --intf1=eth0 final.pcap
or select some packets if you like
editcap -r final.pcap first-ten.pcap 1-10
Seems like a lot of unnecessary steps for such a simple task and there's probably some better way to do it, but this one works for me. BTW in my setup I am running the replay from a secondary host on the same network (192.168.0.2) with a destination of my macbook (192.168.0.26). There's probably a way to do it using loopback, but I couldn't find it.