Hi
I am trying to send the pcap traffic using tcpreplay to the Openvpn interface,
"tun0", but i received the following warning:
"DLT (EN10MB) does not match that of the outbound interface: tun0 (RAW)"
Would you please help me to address the issue.
As a information, I have a pre-captured pcap file and need to replay this file
inside the encrypted tunnel including openvpn.
Thanks in advance
Best Regards
Mehdi Barati
PConsider the environment, please don't print this e-mail unless it is necessary
On Friday, May 2, 2014 1:03 AM, Aaron Turner <synfina...@gmail.com> wrote:
Well tcpprep has enough modes & options that I'm pretty certain that
it can do what you want if it is possible. However, what you're asking
for isn't possible for any imaginable tool for every possible PCAP.
For example, if you have three hosts: A, B and C and each host
connects to the other two, what you're asking for is impossible.
--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
On Thu, May 1, 2014 at 8:45 AM, Bradley, Jon <jdb...@sandia.gov> wrote:
> Thanks for your quick response. I'll try that. For application we need
> nodes classified as strictly server or client, so this may not be the right
> tool to use.
>
>
>
>
> -----Original Message-----
> From: Aaron Turner [mailto:synfina...@gmail.com]
> Sent: Wednesday, April 30, 2014 3:39 PM
> To: Main forum for tcpreplay
> Subject: [EXTERNAL] Re: [Tcpreplay-users] tcpprep server/client assignments
> unstable in cache file
>
> Basically what that means is that tcpprep has classified BOTH
> 192.168.1.221 and 134.253.181.25 in the same category. Tcpprep actually
> looks at the entire pcap and does some basic analysis to classify IP's as
> "clients" or "servers", but sometimes the traffic contains both client &
> server functionality for the same IP. A common example would be a SMTP
> server which is both accepting mail and relaying mail out. In such a case,
> tcpprep will look at the ratio to decide.
>
> You can also get situations where the traffic for a given IP where there
> isn't an obvious client/server relationship. In those cases, tcpprep looks
> at the IP's nearby to see if it can figure it out. The theory being that
> servers tend to be on their own subnets, so any IP on the same subnet as
> another server is more likely to be a server too.
>
> In these cases, tcpprep's --ratio and --minmask/--maxmask can help tune how
> things are categorized.
>
> --
> Aaron Turner
> http://synfin.net/ Twitter: @synfinatic
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin
>
>
> On Wed, Apr 30, 2014 at 1:18 PM, Bradley, Jon <jdb...@sandia.gov> wrote:
>> Hi all,
>>
>> We're attempting to use tcpprep to partition nodes on a network into clients
>> and servers, but are getting some unexpected results.
>>
>> We are not using tcpreplay to replay the traffic, we would only like to
>>leverage the tcpprep's algorithms for distinguishing servers and clients.
>>
>> We are using a command like:
>>
>> tcpprep --auto=bridge --pcap=100meg.pcap --cachefile=100meg.cache
>> tcpprep --print-info=100meg.cache > dirs.txt
>>
>> We then combine it with a dump of the IP addresses like this:
>>
>> tshark -n -o
>> "column.format:srcaddr,\"%s\",srcport,\"%uS\",dstaddr,\"%d\",dstport,\
>> "%uD\"" -r 100meg.pcap > ips.txt paste -d' == ' ips.txt dirs.txt >
>> both.txt
>>
>> Now I have a file like this:
>> ....
>> 134.253.26.250 80 192.168.1.36 57090 Packet 139991 -> Secondary
>> 192.168.1.36 57090 134.253.26.250 80 Packet 139992 -> Primary
>> 134.253.26.250 80 192.168.1.36 57090 Packet 139993 -> Secondary
>> 134.253.26.250 80 192.168.1.36 57090 Packet 139994 -> Secondary
>> 192.168.1.36 57090 134.253.26.250 80 Packet 139995 -> Primary ....
>>
>> I think this is telling me the whether the first (if primary) or second (if
>> secondary) ip address is the client.
>>
>> However, I run into situations like this:
>>
>> 192.168.1.221 53344 134.253.181.25 53 Packet 14067 -> Secondary [LINE
>> A]
>> 134.253.181.25 53 192.168.1.221 53344 Packet 14068 -> Secondary [LINE
>> B]
>>
>> Where we can see that 192.168.1.221 is classified as a client of
>> 134.253.181.25 in LINE A, But the roles are reversed on LINE B.
>>
>> I was under the impression from the documentation that an IP address would
>> be classified as either a "server" or a "client" for the entire life of the
>> pcap file, but here the roles are reversed *even with respect to eachother*.
>>
>> We have tried using the different modes of --auto, with no luck.
>>
>> Am I mis-using the tool? Is there a better way to get at a clean
>> partitioning of servers/clients? Am I missing something conceptually?
>>
>> ---OUTPUT OF tcpprep -V -----
>> tcpprep version: 4.0.4 (build git:v4.0.4) Copyright 2013-2014 by Fred
>> Klassen <tcpreplay at appneta dot com> - AppNeta Inc.
>> Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net> The
>> entire Tcpreplay Suite is licensed under the GPLv3 Cache file
>> supported: 04 Not compiled with libdnet.
>> Compiled against libpcap: 1.1.1
>> 64 bit packet counters: enabled
>> Verbose printing via tcpdump: enabled
>> ------------------------------------------
>>
>>
>> Thanks for any help /suggestions.
>>
>> ----------------------------------------------------------------------
>> -------- "Accelerate Dev Cycles with Automated Cross-Browser Testing -
>> For FREE Instantly run your Selenium tests across 300+ browser/OS
>> combos. Get unparalleled scalability from the best Selenium testing
>> platform available.
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
