In order to chage or forge mac/ip adresses, you need to use such a command:
tcprewrite --enet-dmac=00:44:66:FC:29:AF,00:55:22:AF:C6:37
--enet-smac=00:66:AA:D1:32:C2,00:22:55:AC:DE:AC --cachefile=input.cache
--infile=input.pcap --outfile=output.pcap
Now back to your problem, I am pretty sure it comes from the cache file
while using tcpprep. But I really don't know how to fix it. In my case, I
remember I had to delete some information from the pcap file and things
went well (I remember I deleted the vlan tags)
Good luck.
On Mon, Feb 27, 2012 at 9:48 PM, zhong zhuqing <zhuqing.zho...@gmail.com>wrote:
> Hello,
>
> I wasn’t able to rewrite the @IP of the packet with the error message ‘Fatal
> Error: Cache file testIP.cache doesn't contain a full header
>
> ’
>
> The pcap file that I used « test.pcap » is attached in this mail.
>
> I want to change the @IP source and destination, as well as the @Mac
> source and destination:
>
> @IP source 192.168.1.52 à 10.0.0.1
>
> @IP destination 119.188.40.88 à 192.168.1.1
>
> @Mac source 00 :1e :65 :24 :4e :3a à 00 :1e :65 :11 :22 :33@Mac dest
> 00:1f :9f :be :1a:64 à 00:1f:9f:00:33:22
>
>
> The commands that I used were as follows:
>
> /to split the traffic according to @ Mac/
>
> thomas@thomas-Lab:/media/F0B4-EF22/pcap$ tcpprep --mac=00:1e:65:24:4e:3a
> --pcap=test.pcap --cachefile=testIP.cache
>
>
>
> /the following message was showed after the command above/
>
> *** buffer overflow detected ***: tcpprep terminated
>
> ======= Backtrace: =========
>
> /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0x1f78d5]
>
> /lib/i386-linux-gnu/libc.so.6(+0xe66d7)[0x1f66d7]
>
> /lib/i386-linux-gnu/libc.so.6(+0xe5c02)[0x1f5c02]
>
> tcpprep[0x804fd78]
>
> tcpprep[0x804a780]
>
> /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x129113]
>
> tcpprep[0x804ac65]
>
> ======= Memory map: ========
>
> 00110000-00286000 r-xp 00000000 08:01 1570725 /lib/i386-linux-gnu/
> libc-2.13.so
>
> 00286000-00288000 r--p 00176000 08:01 1570725 /lib/i386-linux-gnu/
> libc-2.13.so
>
> 00288000-00289000 rw-p 00178000 08:01 1570725 /lib/i386-linux-gnu/
> libc-2.13.so
>
> 00289000-0028c000 rw-p 00000000 00:00 0
>
> 0028c000-002a8000 r-xp 00000000 08:01 1570746
> /lib/i386-linux-gnu/libgcc_s.so.1
>
> 002a8000-002a9000 r--p 0001b000 08:01 1570746
> /lib/i386-linux-gnu/libgcc_s.so.1
>
> 002a9000-002aa000 rw-p 0001c000 08:01 1570746
> /lib/i386-linux-gnu/libgcc_s.so.1
>
> 006d9000-006f7000 r-xp 00000000 08:01 1570712 /lib/i386-linux-gnu/
> ld-2.13.so
>
> 006f7000-006f8000 r--p 0001d000 08:01 1570712 /lib/i386-linux-gnu/
> ld-2.13.so
>
> 006f8000-006f9000 rw-p 0001e000 08:01 1570712 /lib/i386-linux-gnu/
> ld-2.13.so
>
> 00b56000-00b57000 r-xp 00000000 00:00 0 [vdso]
>
> 08048000-08098000 r-xp 00000000 08:01 785152 /usr/bin/tcpprep
>
> 08098000-08099000 r--p 0004f000 08:01 785152 /usr/bin/tcpprep
>
> 08099000-0809b000 rw-p 00050000 08:01 785152 /usr/bin/tcpprep
>
> 0809b000-080bc000 rw-p 00000000 00:00 0
>
> 098ab000-098cc000 rw-p 00000000 00:00 0 [heap]
>
> b778b000-b778c000 rw-p 00000000 00:00 0
>
> b779b000-b779d000 rw-p 00000000 00:00 0
>
> bffb8000-bffd9000 rw-p 00000000 00:00 0 [stack]
>
> Aborted
>
>
>
>
> /next, I have used the ‘tcprewrite’ command to override the @IP and @Mac
>
> thomas@thomas-Lab:/media/F0B4-EF22/pcap$ tcprewrite
> --endpoints=10.0.0.1:192.168.0.1 --enet-smac=00:1e:65:11:22:33
> --enet-dmac=00:1f:9f:00:33:22 --cachefile=testIP.cache -i test.pcap -o
> IPtest.pcap
>
>
>
> /the following error message was given/
>
> Fatal Error: Cache file testIP.cache doesn't contain a full header
>
>
>
>
> Could you please tell me where is my mistake?
>
>
>
> For the other information complementary:
>
> cpreplay version: 3.4.3 (build 2375)
>
> Copyright 2001-2009 by Aaron Turner <aturner at synfin dot net>
>
> Cache file supported: 04
>
> Not compiled with libdnet.
>
> Compiled against libpcap: 1.1.1
>
> 64 bit packet counters: enabled
>
> Verbose printing via tcpdump: enabled
>
> Packet editing: disabled
>
> Fragroute engine: disabled
>
> Injection method: PF_PACKET send()
>
>
>
> The OS is Ubuntu 11.10 OS 32type bits.
>
>
> Thanks in advance for your answers !
>
>
>
> ZhuQing ZHONG
>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
