On 13 October 2011 23:57, Aaron Turner <synfina...@gmail.com> wrote:
> On Wed, Oct 12, 2011 at 7:09 PM, narke <narkewo...@gmail.com> wrote:
>> James,
>>
>> I still do not understand "pre-determined already captured" ... Does
>> that mean, when replaying to a server, the server must produce a series
>> of sequence numbers that can be pre-determined before the first SYN
>> connection? If so, I think this is not the design of normal TCP.
>
> What James is saying is that the client & server TCP initial sequence
> number (ISN) are hard coded in the pcap file, based on what the ISNs
> were when you captured the traffic.
>
> The problem is that for security reasons, every client and server are
> supposed to pick a random ISN. Tcpreplay will use the same ISN as
> when the connection was captured in the pcap file, but the server will
> pick a new one for each connection. Without handling the new ISN, the
> 3 way handshake will fail.... at least until you get lucky and the
> server reuses the same ISN which should be 1 in 2^32.
>
> If you'd like to know more, I highly recommend reading TCP/IP
> Illustrated Vol 1 which is excellent or the relevant RFCs.
>
> Other than Wireplay I'm not aware of any tool which does what you
> want. Scapy/Scruby could probably be made to work if you know
> python or ruby.
>
> -Aaron
>

Aaron,

Yes, I understood the ISN things and three-way handshaking. I just
thought tcpreplay (as its name implies) has the intelligence to deal with
it. Now I have to try to make a successful build of Wireplay. If I still
cannot, I will try Scapy.

Thanks.

>> On 12 October 2011 23:11, James Bergeron
>> <james.berge...@alcatel-lucent.com> wrote:
>>> Yes on the tcp windowing.
>>>
>>> Canned traffic, "pre-determined already captured in a pcap"
>>>
>>> On 10/12/2011 10:56 AM, narke wrote:
>>>> What does 'canned traffic' mean? And what does 'doesn't reply to
>>>> windowing' mean --- you mean tcp window advertising?
>>>>
>>>> Thanks.
>>>>
>>>> On 12 October 2011 22:07, James Bergeron
>>>> <james.berge...@alcatel-lucent.com> wrote:
>>>>> Well it can play to the server canned traffic, but it doesn't reply to
>>>>> windowing, it won't change behaviour based on the server replies etc.
>>>>>
>>>>> On 10/12/2011 10:05 AM, narke wrote:
>>>>>> Hi,
>>>>>>
>>>>>> It is mentioned in the FAQ. But it's hard to believe because the tool
>>>>>> is named 'TCPreplay'. So I want to confirm that my understanding is
>>>>>> right.
>>>>>>
>>>>>> I have my own developed TCP server that will always listen on a port.
>>>>>> A client can connect to it and then request data from it.
>>>>>>
>>>>>> Can I log some traffic from client to server and replay it to the
>>>>>> server (with some intended modifications) to test whether my server is
>>>>>> stable enough?
>>>>>>
>>>>>> If tcpreplay cannot do the job, could anyone please suggest another
>>>>>> tool to me?
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> All the data continuously generated in your IT infrastructure contains a
>>>>> definitive record of customers, application performance, security
>>>>> threats, fraudulent activity and more. Splunk takes this data and makes
>>>>> sense of it. Business sense. IT sense. Common sense.
>>>>> http://p.sf.net/sfu/splunk-d2d-oct
>>>>> _______________________________________________
>>>>> Tcpreplay-users mailing list
>>>>> Tcpreplay-users@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>>>>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>
>> --
>> Life is the only flaw in an otherwise perfect nonexistence
>> -- Schopenhauer
>>
>> narke
>> public key at http://subkeys.pgp.net:11371 (narkewo...@gmail.com)
>
> --
> Aaron Turner
> http://synfin.net/ Twitter: @synfinatic
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin
> "carpe diem quam minimum credula postero"

--
Life is the only flaw in an otherwise perfect nonexistence
-- Schopenhauer

narke
public key at http://subkeys.pgp.net:11371 (narkewo...@gmail.com)
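
The ISN mismatch Aaron describes in this thread, as an added Python example that is not part of the original messages or of tcpreplay: it shifts the ACK numbers of captured client segments by the difference between the captured and the live server ISN (modulo 2^32) and checks the handshake ACK in both the verbatim and the rewritten replay. The segment values, the ISNs and all function names are constructed assumptions for illustration.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed sample: client-to-server segments from a capture, as
# (flags, seq, ack, payload_len). The captured server ISN was 0x1000.
CAPTURED_SERVER_ISN = 0x1000
CAPTURED_CLIENT_SEGMENTS = [
    ("S", 5000, 0, 0),         # SYN
    ("A", 5001, 0x1001, 0),    # final ACK of the three-way handshake
    ("PA", 5001, 0x1001, 10),  # 10-byte request
    ("A", 5011, 0x1015, 0),    # ACKs 20 bytes of server data (0x1001 + 20)
]


def handshake_ack_ok(ack, server_isn):
    """A server in SYN-RECEIVED only accepts ACK == its own ISN + 1."""
    return ack == (server_isn + 1) % MOD


def rewrite_acks(segments, captured_isn, live_isn):
    """Shift every ACK number by the difference between the two server ISNs."""
    delta = (live_isn - captured_isn) % MOD
    rewritten = []
    for flags, seq, ack, length in segments:
        if "A" in flags:       # the bare SYN carries no ACK number
            ack = (ack + delta) % MOD
        rewritten.append((flags, seq, ack, length))
    return rewritten


def replay_report(live_isn):
    """Compare a verbatim replay with an ISN-aware one against live_isn."""
    verbatim_ack = CAPTURED_CLIENT_SEGMENTS[1][2]
    fixed = rewrite_acks(CAPTURED_CLIENT_SEGMENTS, CAPTURED_SERVER_ISN, live_isn)
    return {
        "verbatim_handshake_ok": handshake_ack_ok(verbatim_ack, live_isn),
        "rewritten_handshake_ok": handshake_ack_ok(fixed[1][2], live_isn),
        "rewritten_acks": [ack for _, _, ack, _ in fixed],
    }


if __name__ == "__main__":
    # Live ISN chosen at the top of the range to exercise wraparound.
    print(replay_report(0xFFFFFFFF))
```

A real replay tool has to read the live ISN from the server's SYN-ACK before it can compute this shift.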