Re: [Tcpreplay-users] Split pcap in 2 directions

Fri, 25 May 2012 07:55:40 -0700 

Actually I would prefer to some way usr the cache file already generated

As the pcap files are from public repositories (for IPS testing) it would be 
quite a job to gather all client and server IPs in order to split it this way, 
specially since tcpprep already did the job

Even more, I would love to keep too non IP traffic like those ARP and DHCP

Enviado desde Xperia™ S

-------- Original Message --------
Subject: Re: [Tcpreplay-users] Split pcap in 2 directions
From: Michael Schultz <mjschu...@gmail.com>
To: Main forum for tcpreplay <tcpreplay-users@lists.sourceforge.net>
CC: 

On Fri, May 25, 2012 at 8:23 AM, Jaime Nebrera
<jnebr...@eneotecnologia.com>wrote:

> Still, the pcaps are big, like 1 to 2 Gb. Might be a bit too much for WS
>
> Any way to do so from command line so I can automate it?
>

tcpdump should work.

The format would be something like:

    $ tcpdump -r <master-file> -w <client-file> src <client-ip>
    $ tcpdump -r <master-file> -w <server-file> src <server-ip>

The -r and -w flags tell tcpdump to read from and write to the respective
files.

If you have other packets you could extend the BPF expressions by
specifying the destination IP of the server or client.  This will only
filter out packet with the client and server IPs (missing any ARP and some
DHCP packets), but that probably won't be a problem.

--michael

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Reply via email to