"depends" Typically, when someone says "router" they mean a device which routes IP packets, which is solely Layer3. In today's networking market though, a router often does many different things, including features which are typically considered "firewall" like features like NAT and port translation.
If your router is just routing, then the docs should work just fine. If your router is doing other things like NAT, then things get either difficult or impossible depending on what exactly it does. Your best bet is to either review your router's config or run tcpdump on the other side of the router (internet side) and see what the traffic looks like. On Fri, Jul 13, 2012 at 12:09 PM, Anderson, Michael <mband...@qca.qualcomm.com> wrote: > I have read the instructions about passing traffic through a router, > > > http://tcpreplay.synfin.net/wiki/usage#PassingTrafficThroughaFirewallRouterNon-TransparentDevice > > and I just have a question or two. > > > > Overall it makes sense, but there seems to be at least one issue. > > > > First, I want to capture a pcap at point ‘X’ in the following setup using a > smart switch to mirror the traffic off to another PC which records the > traffic with wireshark: > > Computer----X-----router----------Internet > > > > Then, I filter that pcap for just one kind of flow. > > Now I want to take that pcap, and use a different PC with two network > interfaces (Eth0 and Eth1), with a different router, and I want to > rewrite/replay this pcap in a setup like: > > eth0-----router-----eth1 > > > > > > So here’s the issue though – don’t routers translate ports? That is, a > packet from the server (eth1) gets sent to the router at some port, and then > the router translates that to a different port on its LAN interface before > sending it to the client (eth0). These ports used may be different than the > original capture, no? Don’t most routers choose an available port at > random? > > > > I’m guessing this is pretty tricky because don’t we have to check (somehow) > on the router what port it opened up for this connection before we know how > to tcprewrite/replay the rest of the packets? > > > > > > Note: I’m a beginner at testing routers, so if I’m way off let me know… > > Mike > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
