Using 94.194.255.4/0 is a bit odd. You're basically writing 0.0.0.0/0 or 255.255.255.255/0... they're all equivalent and so you're matching everything.
Could be a bug with calculating the offsets though. Try first converting it to Ethernet first and then running tcprewrite a second time to change the source IP. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin On Mon, Feb 10, 2014 at 2:00 PM, Ryan d'Eon <rd...@jnetrixsystems.com> wrote: > Hello, > > I've taken a pcap file from: https://code.osso.nl/projects/sipp/browser#pcap > , the one labeled "sendfax.pcap". > I've viewed it in wireshark, looked at the source and dest IPs, and want to > change them to ones of my choosing. > To try to change source ip = 94.194.255.4 to 192.168.1.211, I used: > tcprewrite --srcipmap=94.194.255.4/0:192.168.1.211/32 > --infile=../pcap/sendfax.pcap --outfile=../pcap/mod_sendfax.pcap --dlt=enet > --fixcsum > > But when I view this output file in wireshark, instead I find that the source > IP has changed to 255.255.192.168 and dest IP is now 1.211.255.103 . Notice > the ip I was looking for, 192.168.1.211, is split across the two! Wireshark > also tells me the checksum is now wrong. > This looks to (naive) me like the tool might have edited the wrong bytes. > However, I know so little about the syntax of this operation, that I can't be > sure. I've tried a variety of xx.xx.xx.xx/y , with colons and commas, and > this experimentation + reading the docs has left me here. > > So, any help you could give would great. > In case it helps, > $ tcprewrite -V > tcprewrite version: 3.4.4 (build 2450) > Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net> > Cache file supported: 04 > Not compiled with libdnet. > Compiled against libpcap: 1.1.1 > 64 bit packet counters: enabled > Verbose printing via tcpdump: enabled > Fragroute engine: disabled > > I'm using OSX 10.7.5, and there are no error messages. The input file is > Linux Cooked (DLT_LINUX_SLL), which is why I had to specify the output > encoding to enet. > > Thanks, > Ryan > ------------------------------------------------------------------------------ > Android apps run on BlackBerry 10 > Introducing the new BlackBerry 10.2.1 Runtime for Android apps. > Now with support for Jelly Bean, Bluetooth, Mapview and more. > Get your Android app in front of a whole new audience. Start now. > http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support ------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
