One quick update, inline... On Mon, Jul 18, 2011 at 8:51 AM, Aaron Turner <synfina...@gmail.com> wrote: > You're probably running into two different issues. > > 1. Tcpreplay and playing TCP traffic back to a server doesn't work as > detailed in the FAQ: > http://tcpreplay.synfin.net/wiki/FAQ#Doestcpreplaysupportsendingtraffictoaserver > > 2. --enet-dmac and --enet-smac aren't match & replace like --pnat. > Information on their use is documented here: > http://tcpreplay.synfin.net/wiki/tcprewrite#RewritingLayer2 > > Basically it only makes sense to provide two MAC addresses to > --enet-dmac and --enet-smac is when you're also using a tcpprep cache > file.
What I needed to say (haven't had enough coffee yet this morning) is that tcpreplay won't let you replay traffic using a cache file with only one interface. The purpose of this and two MAC addresses with --enet-dmac and --enet-smac is for replaying traffic *through* a device like a router where you need to rewrite the destination MAC address depending on which interface the packet goes out. Hopefully this helps explain that: http://tcpreplay.synfin.net/wiki/usage#PassingTrafficThroughaFirewallRouterNon-TransparentDevice Anyways, as I said your real issue is #1. TCP + endpoint = failure every single time. There's no current way around it unfortunately and I'm not aware of any tool which does it inexpensively. My old company Mu Dynamics does this sort of thing if you've got a budget. > > Hope that helps. > > On Mon, Jul 18, 2011 at 7:22 AM, Alexander Huemer > <alexander.hue...@xx.vu> wrote: >> Hi, >> >> I can't get what I want out of tcpreplay and the related tools and >> strongly assume it is my fault, not the fault of the tools. >> I have a .pcap file that contains the communication between two hosts, a >> client and a server (2 TCP server ports). >> The trace is from a network with a different setup, so different MACs >> and different IPs. >> What I want to do is replay the traffic that is sent from the client to >> the server, the other direction is not of interest. >> My setup are two linux boxes, one with tcpreplay, one with the server >> software. >> I put together a little script that processes the .pcap file, but >> obviously I do something wrong. The script is pasted below. >> There is no traffic received at all by the server software. >> Could anyone please correct the script or give some advice on what I >> have to change ? >> >> Thanks in advance, all suggestions welcome. >> >> Kind regards, >> -Alexander Huemer >> >> >> >> #!/bin/sh >> >> OLD_CLIENT_MAC="00:02:95:00:4e:b3" >> OLD_SERVER_MAC="00:0b:97:a2:f4:bd" >> OLD_CLIENT_IP="192.168.100.101" >> OLD_SERVER_IP="192.168.100.11" >> >> NEW_CLIENT_MAC="00:00:24:c1:52:19" >> NEW_SERVER_MAC="00:e0:81:b0:83:fa" >> NEW_CLIENT_IP="192.168.0.1" >> NEW_SERVER_IP="192.168.0.2" >> >> INFILE="infile" >> OUTFILE="out.pcap" >> CACHEFILE="my_tcpprep_cache_file" >> >> NIC="eth1" >> >> preprocess() { >> #--mac="${OLD_SERVER_MAC}" \ >> tcpprep \ >> --cidr="${OLD_SERVER_IP}" \ >> --cachefile="${CACHEFILE}" \ >> --pcap="${INFILE}" >> >> tcprewrite \ >> >> --pnat="${OLD_CLIENT_IP}:${NEW_CLIENT_IP},${OLD_SERVER_IP}:${NEW_SERVER_IP}" >> \ >> --enet-dmac="${OLD_SERVER_MAC},${NEW_SERVER_MAC}" \ >> --enet-smac="${OLD_CLIENT_MAC},${NEW_CLIENT_MAC}" \ >> --cachefile="${CACHEFILE}" \ >> --infile="${INFILE}" \ >> --outfile="${OUTFILE}" >> } >> >> replay() { >> sudo tcpreplay \ >> --intf1="${NIC}" \ >> --cachefile="${CACHEFILE}" \ >> "${OUTFILE}" >> } >> >> case "${1}" in >> "preprocess" | \ >> "replay" ) >> "${1}" >> ;; >> *) >> echo "usage: ${0} [ preprocess | replay ]" >&2 >> exit 1 >> ;; >> esac >> >> >> >> ------------------------------------------------------------------------------ >> AppSumo Presents a FREE Video for the SourceForge Community by Eric >> Ries, the creator of the Lean Startup Methodology on "Lean Startup >> Secrets Revealed." This video shows you how to validate your ideas, >> optimize your ideas and identify your business strategy. >> http://p.sf.net/sfu/appsumosfdev2dev >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support >> > > > > -- > Aaron Turner > http://synfin.net/ Twitter: @synfinatic > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & > Windows > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > "carpe diem quam minimum credula postero" > -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on "Lean Startup Secrets Revealed." This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
