No Aaron, I am using a Linux box (Fedora) to send tcpreplay packets to the Radisys PP81 platform on which the l7 filter is running. Radisys provides a complete chassis which consists of an SCM5 switch, an XE80 (to store the Linux image which runs on the XLP processors of the PP81) and the PP81 box. I hope that answers your doubts.

Best regards,
Rikshit

Sent from my iPhone

> On 17-Sep-2014, at 16:37, Aaron Turner <[email protected]> wrote:
>
> Are you trying to get the L7 filter on the same box that is running
> tcpreplay to see/process the packets? If so, that's your problem. L7
> filters see incoming packets, but tcpreplay sends them outbound
> (regardless of what your L2 header says).
>
> The only time a process will see packets that tcpreplay sends on the
> same box is when it is opening a PF_PACKET (or equivalent) socket and
> running in promiscuous mode.
>
> --
> Aaron Turner
> http://synfin.net/ Twitter: @synfinatic
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety.
> -- Benjamin Franklin
>
>
>> On Tue, Sep 16, 2014 at 3:55 AM, rikagg1 . <[email protected]> wrote:
>> Hello all,
>>
>> I am also attaching DNS1-client.pcap file for the reference..:)
>>
>> Best Regards,
>> Rikshit
>>
>>> On Tue, Sep 16, 2014 at 12:51 PM, rikagg1 . <[email protected]> wrote:
>>>
>>> Hello all,
>>>
>>> I am hopeful, I will get the answer to my question here..
>>> My problem is, I am sending DNS pcap file to the l7 filter but the filter
>>> is not able to detect it..Rather the server is answering a dhcp broadcast
>>> which is getting detected.
>>>
>>> I sent 5 DNS packets but DHCP is getting detected..
>>> I used the following commands on my client.
>>>
>>> 1) tcprewrite --enet-dmac=ff:ff:ff:ff:ff:ff --enet-smac=00:19:D1:02:6D:0D
>>> --infile=dns1.cap --outfile=DNS1.pcap
>>> (since the packets are broadcast)
>>>
>>> 2)tcpdump -s0 -r DNS1.pcap -w DNS1-client.pcap ip src 192.168.170.56
>>> (to filter the packets, removing the packets from server)
>>>
>>> 3)sudo tcpreplay -i eth0 DNS1-client.pcap
>>>
>>> [root@D10-15 PPA]# sudo tcpreplay -i eth0 DNS1-client.pcap sending out
>>> eth0 processing file: DNS1-client.pcap Actual: 5 packets (533 bytes) sent in
>>> 7.61 seconds. Rated: 70.0 bps, 0.00 Mbps, 0.66 pps Statistics for network
>>> device: eth0 Attempted packets: 5 Successful packets: 5 Failed packets: 0
>>> Retried packets (ENOBUFS): 0
>>>
>>> Here is the preview from L7 filter:
>>>
>>> Added: stun mark=19
>>> opening library handle
>>> unbinding existing nf_queue handler for AF_INET (if any)
>>> binding nfnetlink_queue as nf_queue handler for AF_INET
>>> binding this socket to queue '0'
>>> setting copy_packet mode
>>> hw_protocol = 0x0800 hook = 0 id = 0 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 115
>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>> sport=53 dport=1707
>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1707 dport=53
>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1707 dport=53
>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>> dport=1707
>>> Set verdict ACCEPT, mark 0x000001
>>> hw_protocol = 0x0800 hook = 0 id = 1 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 84
>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>> sport=53 dport=1708
>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1708 dport=53
>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1708 dport=53
>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>> dport=1708
>>> Set verdict ACCEPT, mark 0x000001
>>> hw_protocol = 0x0800 hook = 0 id = 2 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 126
>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>> sport=53 dport=1709
>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1709 dport=53
>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1709 dport=53
>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>> dport=1709
>>> Set verdict ACCEPT, mark 0x000001
>>> hw_protocol = 0x0800 hook = 0 id = 3 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 69
>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>> sport=53 dport=1710
>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1710 dport=53
>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>> sport=1710 dport=53
>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>> dport=1710
>>> Set verdict ACCEPT, mark 0x000001
>>> hw_protocol = 0x0800 hook = 0 id = 4 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 328
>>> Made key from packet: udp 17 src=255.255.255.255 dst=0.0.0.0
>>> sport=67 dport=68
>>> Made key from packet: udp 17 src=0.0.0.0 dst=255.255.255.255
>>> sport=68 dport=67
>>> Got packet, had no ct: udp 17 src=0.0.0.0 dst=255.255.255.255
>>> sport=68 dport=67
>>> Didn't yet find udp 17 src=255.255.255.255 dst=0.0.0.0 sport=67
>>> dport=68
>>> Set verdict ACCEPT, mark 0x000001
>>> Got event: NFCT_MSG_NEW
>>> Made key from ct: udp 17 src=0.0.0.0 dst=255.255.255.255
>>> sport=68 dport=67
>>> hw_protocol = 0x0800 hook = 0 id = 5 wholemark = 00000000 mark = 0 indev =
>>> 4 payload_len = 328
>>> Made key from packet: udp 17 src=255.255.255.255 dst=0.0.0.0
>>> sport=67 dport=68
>>> Made key from packet: udp 17 src=0.0.0.0 dst=255.255.255.255
>>> sport=68 dport=67
>>> Found connection reply: udp 17 src=0.0.0.0 dst=255.255.255.255
>>> sport=68 dport=67
>>> Appended data. Length so far = 33
>>> Packet #1, data is: ..... .&P..zc.Sc5..7..*BC=.255-1.
>>> checking against ssh
>>> checking against telnet
>>> checking against dhcp
>>> matched dhcp
>>> Set verdict ACCEPT, mark 0x000005
>>>
>>> I am also attaching a screenshot from L7 filter and the dns.pcap packets,
>>> I replayed.
>>>
>>> Can anyone please help??
>>
>>
>> _______________________________________________
>> Tcpreplay-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
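
An added example, not part of the thread and not code from l7-filter or tcpreplay: a small parser for the log format quoted above that reports, per queued packet, the flow key, whether a conntrack entry was found, and which pattern (if any) matched. The record field names are this example's own, and the handling of `Found connection ...` lines other than the `reply` form seen in the thread is an assumption.

```python
import re

# Lines copied from the l7-filter output quoted in the thread (packet ids 0
# and 5), with the mail client's line wrapping undone.
SAMPLE_LOG = """\
hw_protocol = 0x0800 hook = 0 id = 0 wholemark = 00000000 mark = 0 indev = 4 payload_len = 115
Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53 dport=1707
Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24 sport=1707 dport=53
Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24 sport=1707 dport=53
Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53 dport=1707
Set verdict ACCEPT, mark 0x000001
hw_protocol = 0x0800 hook = 0 id = 5 wholemark = 00000000 mark = 0 indev = 4 payload_len = 328
Made key from packet: udp 17 src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68
Made key from packet: udp 17 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67
Found connection reply: udp 17 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67
checking against dhcp
matched dhcp
Set verdict ACCEPT, mark 0x000005
"""

HEADER = re.compile(r"hw_protocol = \S+ hook = \d+ id = (\d+) .*payload_len = (\d+)")
# Assumption: any "Found connection <word>:" line has the same shape as "reply".
FLOW = re.compile(r"(Got packet, had no ct|Found connection \w+): (.+)")

def summarize(log_text):
    """Return one record per queued packet, in log order."""
    packets = []
    for line in map(str.strip, log_text.splitlines()):
        m = HEADER.match(line)
        if m:
            packets.append({"id": int(m.group(1)), "payload_len": int(m.group(2)),
                            "flow": None, "in_conntrack": None,
                            "matched": None, "mark": None})
        elif packets:  # skip the start-up preamble before the first packet
            pkt = packets[-1]
            m = FLOW.match(line)
            if m:
                pkt["in_conntrack"] = m.group(1).startswith("Found")
                pkt["flow"] = m.group(2)
            elif line.startswith("matched "):
                pkt["matched"] = line.split(None, 1)[1]
            elif line.startswith("Set verdict"):
                pkt["mark"] = int(line.rsplit("mark ", 1)[1], 16)
    return packets

if __name__ == "__main__":
    for p in summarize(SAMPLE_LOG):
        print(p["id"], p["flow"], p["in_conntrack"], p["matched"], hex(p["mark"]))
```

Run over the full log in the thread, the port-53 packets (ids 0 to 3) all show no conntrack entry and no matched pattern, and packet id 5 is the only one with a match (dhcp).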
