Hello there,
sudo tcprewrite --enet-dmac=00:19:D1:07:0F:73 --enet-smac=00-24-8C-0B-CA-A2
--infile=dhcp.pcap --outfile=output.pcap
and
sudo tcpreplay --intf1=eth0 "output.pcap"
from a normal PC (without virtualization). The packets are seen in Wireshark
on the destination computer with MAC 00:19:D1:07:0F:73. I am working on why
it is not working from the virtualization PC.
If I am not wrong, my understanding of the above command is:
For example, the "output.pcap" file is being replayed by the computer with MAC
00-24-8C-0B-CA-A2 on interface eth0 and is destined for the computer having
MAC 00:19:D1:07:0F:73.
Now, my questions are:
1. Can you please tell me on which particular port tcpreplay
listens/responds while communicating between 2 computers?
2. Is it possible to define the port manually while issuing the commands when
the packets are replayed to the desired computer?
For example, DNS uses port 53. The client requests from a random port above 1023 to
server port 53. The server responds from port 53 to the originating port the
client was questioning on. So is there any mechanism to define ports manually?
________________________________
From: Aaron Turner <[email protected]>
To: Main forum for tcpreplay <[email protected]>
Sent: Thursday, December 15, 2011 11:06 PM
Subject: Re: [Tcpreplay-users] sending pcap files from one computer to another
using tcpreplay
Could be... I dunno. VMWare has to do some tricks for the networking
to work, and it's quite possible that it's not compatible with
tcpreplay. It may also depend on if you're using NAT, Routed or
Transparent on the virtual host. Your best chance of getting things
working would be transparent since NAT/Routed would place you on
different L2 broadcast networks which would definitely break things.
On Thu, Dec 15, 2011 at 1:43 PM, Ali Gouta <[email protected]> wrote:
> I think it is because there is no way where to send the incoming packet: in
> other words you need to fulfill the routing table on the server side. If
> you have 2 NIC cards on the server side (1 connected to eth0 of the client)
> and the other is free, try to add a route in the routing table to the free
> interface (meaning the other interface, not the one connected to eth0). At that
> moment the packet might be seen ... Try and tell us.
> If you have only one card on the server side, try to add a route which says
> all incoming packets from ethX (of the server related to eth0) will be sent
> back to eth0. And see what it gives.
>
> the command to add a route is: route xxxxxx (look for it)
>
> Good luck
>
>
> On Thu, Dec 15, 2011 at 10:00 PM, Prosiac Akin <[email protected]>
> wrote:
>>
>> Hello there,
>>
>> the output of the command
>> sudo tcprewrite --enet-dmac=00:19:D1:07:0F:73
>> --enet-smac=00-24-8C-0B-CA-A2 --infile=dhcp.pcap --outfile=output.pcap
>>
>> and
>>
>> sudo tcpreplay --intf1=eth0 "output.pcap"
>>
>> Output
>> ----------
>> sending out eth0
>> processing file: output.pcap
>> Actual: 4 packets (1312 bytes) sent in 0.07 seconds
>> Rated: 18742.9 bps, 0.14 Mbps, 57.14 pps
>> Statistics for network device: eth0
>> Attempted packets: 4
>> Successful packets: 4
>> Failed packets: 0
>> Retried packets (ENOBUFS): 0
>> Retried packets (EAGAIN): 0
>>
>> And on the destination PC with MAC 00:19:D1:07:0F:73, I was not able to
>> see the 4 packets of DHCP through Wireshark
>>
>> ________________________________
>> From: Aaron Turner <[email protected]>
>> To: Main forum for tcpreplay <[email protected]>
>> Sent: Thursday, December 15, 2011 9:39 PM
>>
>> Subject: Re: [Tcpreplay-users] sending pcap files from one computer to
>> another using tcpreplay
>>
>> On Thu, Dec 15, 2011 at 11:08 AM, Prosiac Akin <[email protected]>
>> wrote:
>> > I followed your instructions with the commands mentioned below
>> > tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
>> > --infile=input.pcap --outfile=output.pcap
>> >
>> > tcpreplay --intf1=eth0 "output.pcap"
>> >
>> > No error was seen with this command, however, I cannot see the packets
>> > through Wireshark.
>>
>> What is the report at the end of the tcpreplay command? How many
>> packets were sent?
>>
>> > Is it because I am doing this all on the VMware platform? (I am using the
>> > virtual MAC address for smac taken from Ubuntu installed in VMware.) If
>> > yes,
>> > what could be its possible solution?
>>
>> Honestly, I don't use VMware so I don't know, but it's quite possible.
>>
>> > (I was wondering about its usage. Can you please clarify for me what this
>> > command is actually doing? Why do we need that --outfile? Even if we
>> > give
>> > the same pcap name as input.pcap, the command works fine. So I am really
>> > confused.)
>>
>> --outfile is for specifying the new, modified pcap file name. If you
>> don't specify --outfile and tcprewrite doesn't complain that it's a
>> required option, then that's a bug and you likely have an old version
>> of tcprewrite (I don't believe the current version has this bug). You
>> really shouldn't use the same value as infile as bad things will
>> likely happen (you'll probably truncate the pcap so it has no packets)
>> which may explain why wireshark didn't see any.
>>
>> --
>> Aaron Turner
>> http://synfin.net/ Twitter: @synfinatic
>> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
>> Windows
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety.
>> -- Benjamin Franklin
>> "carpe diem quam minimum credula postero"
>>
>>
>> _______________________________________________
>> Tcpreplay-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
"carpe diem quam minimum credula postero"
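
An added example, not part of the original thread or the tcpreplay project: a Python check of a rewritten pcap before it is replayed, covering the two failure modes raised above (an output file that ends up with no packets, and frames that do not carry the intended destination/source MAC pair). The function names and the sample frames are constructed for illustration.

```python
import struct

# Classic pcap magic numbers -> byte order of the headers that follow.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def norm_mac(text):
    # The thread writes MACs both as 00:19:D1:... and 00-24-8C-...
    return text.replace("-", ":").lower()

def summarize_pcap(data):
    """Return (packet_count, {(dst_mac, src_mac), ...}) for classic pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGIC:
        raise ValueError("not a classic pcap file, or global header truncated")
    order = MAGIC[data[:4]]
    if struct.unpack(order + "I", data[20:24])[0] != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("link type is not Ethernet")
    count, pairs, off = 0, set(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # final record cut short
        if caplen >= 12:
            pairs.add((fmt_mac(frame[0:6]), fmt_mac(frame[6:12])))
        count += 1
        off += 16 + caplen
    return count, pairs

def check_rewrite(data, dmac, smac):
    """Return a list of problems; an empty list means the file looks as intended."""
    count, pairs = summarize_pcap(data)
    if count == 0:
        return ["pcap contains no packets"]
    want = (norm_mac(dmac), norm_mac(smac))
    return [f"unexpected dst/src pair {p}" for p in sorted(pairs) if p != want]

def build_sample(frames):
    """Constructed sample input: a little-endian Ethernet pcap with these frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    dst, src = bytes.fromhex("0019d1070f73"), bytes.fromhex("00248c0bcaa2")
    good = build_sample([dst + src + b"\x08\x00" + b"\x00" * 46] * 4)
    print(check_rewrite(good, "00:19:D1:07:0F:73", "00-24-8C-0B-CA-A2"))
```

For a file on disk, pass `open("output.pcap", "rb").read()` as `data`; pcapng captures are rejected by the magic-number check and need converting first.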