On Wed, Oct 12, 2011 at 7:09 PM, narke <narkewo...@gmail.com> wrote:
> James,
>
> I still do not understand "pre-determined already captured" ...  Does
> that mean, when replaying to a server, the server must produce a series
> of sequence numbers that can be pre-determined before the first SYN
> connection? If so, I think this is not the design of normal TCP.

What James is saying is that the client & server TCP initial sequence
numbers (ISNs) are hard coded in the pcap file, based on what the ISNs
were when you captured the traffic.

The problem is that for security reasons, every client and server is
supposed to pick a random ISN.  Tcpreplay will use the same ISN as
when the connection was captured in the pcap file, but the server will
pick a new one for each connection.  Without handling the new ISN, the
3 way handshake will fail... at least until you get lucky and the
server reuses the same ISN, which should be 1 in 2^32.

If you'd like to know more, I highly recommend reading TCP/IP
Illustrated Vol 1, which is excellent, or the relevant RFCs.

Other than Wireplay I'm not aware of any tool which does what you
want.  Scapy/Scruby could probably be made to work if you know
Python or Ruby.

-Aaron




>
> On 12 October 2011 23:11, James Bergeron
> <james.berge...@alcatel-lucent.com> wrote:
>> Yes on the tcp windowing.
>>
>> Canned traffic, "pre-determined already captured in a pcap"
>>
>>
>> On 10/12/2011 10:56 AM, narke wrote:
>>> What does 'canned traffic' mean?  And what does 'doesn't reply to
>>> windowing' mean --- do you mean TCP window advertising?
>>>
>>> Thanks.
>>>
>>> On 12 October 2011 22:07, James Bergeron
>>> <james.berge...@alcatel-lucent.com>  wrote:
>>>> Well it can play to the server canned traffic, but it doesn't reply to
>>>> windowing, it won't change behaviour based on the server replies etc.
>>>>
>>>>
>>>> On 10/12/2011 10:05 AM, narke wrote:
>>>>> Hi,
>>>>>
>>>>> It is mentioned in the FAQ.  But it's hard to believe because the tool
>>>>> is named 'TCPreplay'.  So I want to confirm that my understanding is
>>>>> right.
>>>>>
>>>>> I have a self-developed TCP server that will always listen on a port.
>>>>> A client can connect to it and then request data from it.
>>>>>
>>>>> Can I log some traffic from client to server and replay it to the
>>>>> server (with some intended modifications) to test whether my server is
>>>>> stable enough?
>>>>>
>>>>> If tcpreplay cannot do the job, could anyone please suggest another tool
>>>>> to me?
>>>>>
>>>>> Best Regards,
>>>>>
>>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> All the data continuously generated in your IT infrastructure contains a
>>>> definitive record of customers, application performance, security
>>>> threats, fraudulent activity and more. Splunk takes this data and makes
>>>> sense of it. Business sense. IT sense. Common sense.
>>>> http://p.sf.net/sfu/splunk-d2d-oct
>>>> _______________________________________________
>>>> Tcpreplay-users mailing list
>>>> Tcpreplay-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>>>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>>>
>>>
>>>
>>
>
>
>
> --
> Life is the only flaw in an otherwise perfect nonexistence
>     -- Schopenhauer
>
> narke
> public key at http://subkeys.pgp.net:11371 (narkewo...@gmail.com)
>



-- 
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
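
Added example (not part of the original message and not code from tcpreplay or Wireplay): why the captured handshake ACK is rejected by a live server, and the ACK-number rebasing a stateful replay has to do once it sees the server's new ISN. The capture, the Seg record and all function names are constructed for illustration, and the rebasing assumes the live server sends the same number of bytes as in the capture.

```python
from collections import namedtuple

MOD = 2 ** 32  # TCP sequence and acknowledgment numbers are 32-bit and wrap
Seg = namedtuple("Seg", "direction flags seq ack length")

# Constructed capture of one short connection (all values are made up).
CAPTURED = [
    Seg("c2s", "S", 1000, 0, 0),        # SYN, client ISN 1000
    Seg("s2c", "SA", 5000, 1001, 0),    # SYN/ACK, server ISN 5000 at capture time
    Seg("c2s", "A", 1001, 5001, 0),     # ACK completing the handshake
    Seg("c2s", "PA", 1001, 5001, 20),   # 20-byte request
    Seg("s2c", "PA", 5001, 1021, 100),  # 100-byte response
    Seg("c2s", "A", 1021, 5101, 0),     # ACK of the response
]


def captured_server_isn(flow):
    """Return the server ISN recorded in the capture (seq of its SYN/ACK)."""
    for seg in flow:
        if seg.direction == "s2c" and "S" in seg.flags:
            return seg.seq
    raise ValueError("no server SYN/ACK in capture")


def handshake_ack_ok(client_ack_seg, live_server_isn):
    """A server in SYN_RCVD only accepts an ACK for its own ISN + 1."""
    return client_ack_seg.ack == (live_server_isn + 1) % MOD


def rebase_client_segments(flow, live_server_isn):
    """Shift every client ACK number by the gap between captured and live ISN."""
    delta = (live_server_isn - captured_server_isn(flow)) % MOD
    out = []
    for seg in flow:
        if seg.direction != "c2s":
            continue  # server segments come from the live server, not the pcap
        ack = (seg.ack + delta) % MOD if "A" in seg.flags else seg.ack
        out.append(seg._replace(ack=ack))
    return out


def first_handshake_ack(segments):
    """First client segment that carries ACK but not SYN."""
    return next(s for s in segments
                if s.direction == "c2s" and "A" in s.flags and "S" not in s.flags)
```

If the live server's responses differ in length from the captured ones, a fixed delta is no longer enough and the replayer has to acknowledge what the server actually sent.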
