I have read the instructions about passing traffic through a router,
http://tcpreplay.synfin.net/wiki/usage#PassingTrafficThroughaFirewallRouterNon-TransparentDevice
and I just have a question or two.
Overall it makes sense, but there seems to be at least one issue.
First, I want to capture a pcap at point 'X' in the following setup using a
smart switch to mirror the traffic off to another PC which records the traffic
with wireshark:
Computer----X-----router----------Internet
Then, I filter that pcap for just one kind of flow.
Now I want to take that pcap, and use a different PC with two network
interfaces (Eth0 and Eth1), with a different router, and I want to
rewrite/replay this pcap in a setup like:
eth0-----router-----eth1
So here's the issue though - don't routers translate ports? That is, a packet
from the server (eth1) gets sent to the router at some port, and then the
router translates that to a different port on its LAN interface before sending
it to the client (eth0). These ports used may be different than the original
capture, no? Don't most routers choose an available port at random?
I'm guessing this is pretty tricky because don't we have to check (somehow) on
the router what port it opened up for this connection before we know how to
tcprewrite/replay the rest of the packets?
Note: I'm a beginner at testing routers, so if I'm way off let me know...
Mike
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
