Thank you very much for your reply
Best Regards
Mehdi
On Wednesday, May 7, 2014 12:48 PM, Aaron Turner <synfina...@gmail.com> wrote:
It's really poor form to hijack a thread with a totally unrelated
question, but since you asked:
You'll need to use tcprewrite to convert the DLT format of the pcap to
RAW so the DLT's match. Honestly, I don't have any experience with
sending traffic over an OpenVPN tunnel.
--
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
On Thu, May 1, 2014 at 10:03 PM, <mahdi312...@yahoo.com> wrote:
> Hi
>
> I am trying to send the pcap traffic using tcpreplay to the Openvpn
> interface, "tun0", but i received the following warning:
> "DLT (EN10MB) does not match that of the outbound interface: tun0 (RAW)"
> Would you please help me to address the issue.
> As a information, I have a pre-captured pcap file and need to replay this
> file inside the encrypted tunnel including openvpn.
> Thanks in advance
>
> Best Regards
> Mehdi Barati
>
> P Consider the environment, please don't print this e-mail unless it is
> necessary
> On Friday, May 2, 2014 1:03 AM, Aaron Turner <synfina...@gmail.com> wrote:
> Well tcpprep has enough modes & options that I'm pretty certain that
> it can do what you want if it is possible. However, what you're asking
> for isn't possible for any imaginable tool for every possible PCAP.
>
> For example, if you have three hosts: A, B and C and each host
> connects to the other two, what you're asking for is impossible.
> --
> Aaron Turner
> http://synfin.net/ Twitter: @synfinatic
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin
>
>
> On Thu, May 1, 2014 at 8:45 AM, Bradley, Jon <jdb...@sandia.gov> wrote:
>> Thanks for your quick response. I'll try that. For application we need
>> nodes classified as strictly server or client, so this may not be the right
>> tool to use.
>>
>>
>>
>>
>> -----Original Message-----
>> From: Aaron Turner [mailto:synfina...@gmail.com]
>> Sent: Wednesday, April 30, 2014 3:39 PM
>> To: Main forum for tcpreplay
>> Subject: [EXTERNAL] Re: [Tcpreplay-users] tcpprep server/client
>> assignments unstable in cache file
>>
>> Basically what that means is that tcpprep has classified BOTH
>> 192.168.1.221 and 134.253.181.25 in the same category. Tcpprep actually
>> looks at the entire pcap and does some basic analysis to classify IP's as
>> "clients" or "servers", but sometimes the traffic contains both client &
>> server functionality for the same IP. A common example would be a SMTP
>> server which is both accepting mail and relaying mail out. In such a case,
>> tcpprep will look at the ratio to decide.
>>
>> You can also get situations where the traffic for a given IP where there
>> isn't an obvious client/server relationship. In those cases, tcpprep looks
>> at the IP's nearby to see if it can figure it out. The theory being that
>> servers tend to be on their own subnets, so any IP on the same subnet as
>> another server is more likely to be a server too.
>>
>> In these cases, tcpprep's --ratio and --minmask/--maxmask can help tune
>> how things are categorized.
>>
>> --
>> Aaron Turner
>> http://synfin.net/ Twitter: @synfinatic
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety.
>> -- Benjamin Franklin
>>
>>
>> On Wed, Apr 30, 2014 at 1:18 PM, Bradley, Jon <jdb...@sandia.gov> wrote:
>>> Hi all,
>>>
>>> We're attempting to use tcpprep to partition nodes on a network into
>>> clients and servers, but are getting some unexpected results.
>>>
>>> We are not using tcpreplay to replay the traffic, we would only like to
>>> leverage the tcpprep's algorithms for distinguishing servers and clients.
>>>
>>> We are using a command like:
>>>
>>> tcpprep --auto=bridge --pcap=100meg.pcap --cachefile=100meg.cache
>>> tcpprep --print-info=100meg.cache > dirs.txt
>>>
>>> We then combine it with a dump of the IP addresses like this:
>>>
>>> tshark -n -o
>>> "column.format:srcaddr,\"%s\",srcport,\"%uS\",dstaddr,\"%d\",dstport,\
>>> "%uD\"" -r 100meg.pcap > ips.txt paste -d' == ' ips.txt dirs.txt >
>>> both.txt
>>>
>>> Now I have a file like this:
>>> ....
>>> 134.253.26.250 80 192.168.1.36 57090 Packet 139991 -> Secondary
>>> 192.168.1.36 57090 134.253.26.250 80 Packet 139992 -> Primary
>>> 134.253.26.250 80 192.168.1.36 57090 Packet 139993 -> Secondary
>>> 134.253.26.250 80 192.168.1.36 57090 Packet 139994 -> Secondary
>>> 192.168.1.36 57090 134.253.26.250 80 Packet 139995 -> Primary ....
>>>
>>> I think this is telling me the whether the first (if primary) or second
>>> (if secondary) ip address is the client.
>>>
>>> However, I run into situations like this:
>>>
>>> 192.168.1.221 53344 134.253.181.25 53 Packet 14067 -> Secondary [LINE
>>> A]
>>> 134.253.181.25 53 192.168.1.221 53344 Packet 14068 -> Secondary [LINE
>>> B]
>>>
>>> Where we can see that 192.168.1.221 is classified as a client of
>>> 134.253.181.25 in LINE A, But the roles are reversed on LINE B.
>>>
>>> I was under the impression from the documentation that an IP address
>>> would be classified as either a "server" or a "client" for the entire life
>>> of the pcap file, but here the roles are reversed *even with respect to
>>> eachother*.
>>>
>>> We have tried using the different modes of --auto, with no luck.
>>>
>>> Am I mis-using the tool? Is there a better way to get at a clean
>>> partitioning of servers/clients? Am I missing something conceptually?
>>>
>>> ---OUTPUT OF tcpprep -V -----
>>> tcpprep version: 4.0.4 (build git:v4.0.4) Copyright 2013-2014 by Fred
>>> Klassen <tcpreplay at appneta dot com> - AppNeta Inc.
>>> Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net> The
>>> entire Tcpreplay Suite is licensed under the GPLv3 Cache file
>>> supported: 04 Not compiled with libdnet.
>>> Compiled against libpcap: 1.1.1
>>> 64 bit packet counters: enabled
>>> Verbose printing via tcpdump: enabled
>>> ------------------------------------------
>>>
>>>
>>> Thanks for any help /suggestions.
>>>
>>> ----------------------------------------------------------------------
>>> -------- "Accelerate Dev Cycles with Automated Cross-Browser Testing -
>>> For FREE Instantly run your Selenium tests across 300+ browser/OS
>>> combos. Get unparalleled scalability from the best Selenium testing
>>> platform available.
>>> Simple to use. Nothing to install. Get started now for free."
>>> http://p.sf.net/sfu/SauceLabs
>>> _______________________________________________
>>> Tcpreplay-users mailing list
>>> Tcpreplay-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>>
>>
>> ------------------------------------------------------------------------------
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>> Instantly run your Selenium tests across 300+ browser/OS combos. Get
>> unparalleled scalability from the best Selenium testing platform available.
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>
>>
>> ------------------------------------------------------------------------------
>> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>> Instantly run your Selenium tests across 300+ browser/OS combos. Get
>> unparalleled scalability from the best Selenium testing platform
>> available.
>> Simple to use. Nothing to install. Get started now for free."
>> http://p.sf.net/sfu/SauceLabs
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
