I don't think that tcpreplay operates on the 4th layer means that it won't
be possible to change origin ports!!!
the capture contains ports associated to trafic that was captured WHILE
generating the initial pcap file.
So saying on which ports tcpreplay listens/responds have no sens cause it
depends on ports used when generating the pcap file.
I don't know exactly what you are looking for, but what would be the
purpose of changing ports ??? thus if you will change ports then Wireshark
will give wrong results on the server side. As for identifying an http
application => we need port 80. If you will change it to other port you may
blows up everything... and http won't be identified.
On Fri, Dec 16, 2011 at 12:28 PM, Prosiac Akin <cramped_ga...@yahoo.com>wrote:
> Hello there,
>
> sudo tcprewrite --enet-dmac=00:19:D1:07:0F:73
> --enet-smac=00-24-8C-0B-CA-A2 --infile=dhcp.pcap --outfile=output.pcap
> and
> sudo tcpreplay --intf1=eth0 "output.pcap"
>
> from normal pc (without virtualization). The packets are seen on the
> wireshark on the destination computer with mac 00:19:D1:07:0F:73. I am
> working on why from virtualization pc, it is not working.
>
> If i am not wrong, my understanding of above command is
> For ex: "output.pcap" file is being replayed by the computer with mac
> 00-24-8C-0B-CA-A2 with interface eth0 and is destined to the computer
> having mac 00:19:D1:07:0F:73.
>
> Now, my question is.
> 1. Can you please tell me on which particular port does tcpreplay
> listens/responds while communicating b/w 2 computers??
> 2. Is it possible to define port mannually while issuing the commands when
> the packets are replayed to desired computer ???
>
> like dns uses port 53. The client requests from a random port above 1023
> to server port 53. The servers response from port 53 to the originating
> port the client was questioning on. So is there any mechanism to define
> ports mannually ????
>
> ------------------------------
> *From:* Aaron Turner <synfina...@gmail.com>
> *To:* Main forum for tcpreplay <tcpreplay-users@lists.sourceforge.net>
> *Sent:* Thursday, December 15, 2011 11:06 PM
>
> *Subject:* Re: [Tcpreplay-users] sending pcap files from one computer to
> another using tcpreplay
>
> Could be... I dunno. VMWare has to do some tricks for the networking
> to work, and it's quite possible that it's not compatible with
> tcpreplay. It may also depend on if you're using NAT, Routed or
> Transparent on the virtual host. Your best chance of getting things
> working would be transparent since NAT/Routed would place you on
> different L2 broadcast networks which would definitely break things.
>
> On Thu, Dec 15, 2011 at 1:43 PM, Ali Gouta <ali.go...@gmail.com> wrote:
> > I think it is because there is no way where to send the in coming
> packet: in
> > other words you need to fullfill the routing table on the server side. If
> > you have 2 Nic cards on the server side (1 connected to eth0 of the
> client)
> > and the other is free. Try to add a route in the routing table to the
> free
> > interface (mean the other interface not the one connected to eth0) At
> That
> > moment the packet might be seen ... Try and tell us.
> > If you have only one card on the server side try to add a route which
> says
> > all incoming packet from ethX (of the server related to eth0) will be
> sent
> > back to eth0. And see what it gives.
> >
> > the command to add a route is: route xxxxxx (look for it)
> >
> > Good luck
> >
> >
> > On Thu, Dec 15, 2011 at 10:00 PM, Prosiac Akin <cramped_ga...@yahoo.com>
> > wrote:
> >>
> >> Hello there,
> >>
> >> the output of the command
> >> sudo tcprewrite --enet-dmac=00:19:D1:07:0F:73
> >> --enet-smac=00-24-8C-0B-CA-A2 --infile=dhcp.pcap --outfile=output.pcap
> >>
> >> and
> >>
> >> sudo tcpreplay --intf1=eth0 "output.pcap"
> >>
> >> Output
> >> ----------
> >> sending out eth0
> >> processing file: output.pcap
> >> Actual: 4 packets (1312 bytes) sent in 0.07 seconds
> >> Rated: 18742.9 bps, 0.14 Mbps, 57.14 pps
> >> Statistics for network device: eth0
> >> Attempted packets: 4
> >> Successful packets: 4
> >> Failed packets: 0
> >> Retried packets (ENOBUFS): 0
> >> Retried packets (EAGAIN): 0
> >>
> >> And on the destination PC with mac 00:19:D1:07:0F:73, i was not able to
> >> see the 4 packets of DHCP through wireshark
> >>
> >> ________________________________
> >> From: Aaron Turner <synfina...@gmail.com>
> >> To: Main forum for tcpreplay <tcpreplay-users@lists.sourceforge.net>
> >> Sent: Thursday, December 15, 2011 9:39 PM
> >>
> >> Subject: Re: [Tcpreplay-users] sending pcap files from one computer to
> >> another using tcpreplay
> >>
> >> On Thu, Dec 15, 2011 at 11:08 AM, Prosiac Akin <cramped_ga...@yahoo.com
> >
> >> wrote:
> >> > i followed your instructions with the commands mentioned below
> >> > tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF
> >> > --infile=input.pcap --outfile=output.pcap
> >> >
> >> > tcpreplay --intf1=eth0 "output.pcap"
> >> >
> >> > no error was seeen with this command, however, i cannot see the
> packets
> >> > through wireshark.
> >>
> >> What is the report at the end of the tcpreplay command? How many
> >> packets were sent?
> >>
> >> > Is it because i am doing this all in Vmware platform??? ( I am using
> the
> >> > virtual mac address for smac taken from ubuntu installed in vmware).
> If
> >> > yes,
> >> > what could be its possible solution???
> >>
> >> Honestly, I don't use VMWware so I don't know, but it's quite possible.
> >>
> >> > (I was wondering about its usage. can you please clarify me what this
> >> > command is actually doing. Why do we need that --outfile??? Even if we
> >> > give
> >> > the same pcap name as input.pcap, the command works fine. So i am
> really
> >> > confused)
> >>
> >> --outfile is for specifying the new, modified pcap file name. If you
> >> don't specify --outfile and tcprewrite doesn't complain that it's a
> >> required option, then that's a bug and you likely have an old version
> >> of tcprewrite (I don't believe the current version has this bug). You
> >> really shouldn't use the same value as infile as bad things will
> >> likely happen (you'll probably truncate the pcap so it has no packets)
> >> which may explain why wireshark didn't see any.
> >>
> >> --
> >> Aaron Turner
> >> http://synfin.net/ Twitter: @synfinatic
> >> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> >> Windows
> >> Those who would give up essential Liberty, to purchase a little
> temporary
> >> Safety, deserve neither Liberty nor Safety.
> >> -- Benjamin Franklin
> >> "carpe diem quam minimum credula postero"
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> 10 Tips for Better Server Consolidation
> >> Server virtualization is being driven by many needs.
> >> But none more important than the need to reduce IT complexity
> >> while improving strategic productivity. Learn More!
> >> http://www.accelacomm.com/jaw/sdnl/114/51507609/
> >> _______________________________________________
> >> Tcpreplay-users mailing list
> >> Tcpreplay-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
> >>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> 10 Tips for Better Server Consolidation
> >> Server virtualization is being driven by many needs.
> >> But none more important than the need to reduce IT complexity
> >> while improving strategic productivity. Learn More!
> >> http://www.accelacomm.com/jaw/sdnl/114/51507609/
> >> _______________________________________________
> >> Tcpreplay-users mailing list
> >> Tcpreplay-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > 10 Tips for Better Server Consolidation
> > Server virtualization is being driven by many needs.
> > But none more important than the need to reduce IT complexity
> > while improving strategic productivity. Learn More!
> > http://www.accelacomm.com/jaw/sdnl/114/51507609/
> > _______________________________________________
> > Tcpreplay-users mailing list
> > Tcpreplay-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
>
> --
> Aaron Turner
> http://synfin.net/ Twitter: @synfinatic
> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
> Windows
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin
> "carpe diem quam minimum credula postero"
>
>
> ------------------------------------------------------------------------------
> 10 Tips for Better Server Consolidation
> Server virtualization is being driven by many needs.
> But none more important than the need to reduce IT complexity
> while improving strategic productivity. Learn More!
> http://www.accelacomm.com/jaw/sdnl/114/51507609/
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
>
>
> ------------------------------------------------------------------------------
> Learn Windows Azure Live! Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
------------------------------------------------------------------------------
Learn Windows Azure Live! Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for
developers. It will provide a great way to learn Windows Azure and what it
provides. You can attend the event by watching it streamed LIVE online.
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
