Uh, I'm sure all those acronyms/model numbers mean something to you,
but I can assure you they mean nothing to me. :)

Sounds like you should simplify things if possible.

--
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin

On Wed, Sep 17, 2014 at 8:42 AM, Rikshit Aggarwal <rika...@gmail.com> wrote:
> No Aaron .. I am using a Linux box (Fedora) to send tcpreplay packets to
> radisys pp81 platform on which l7 filter is running. Radisys provides a
> complete chassis which consists of SCM5 switch, XE80(to store Linux image
> which runs on XLP processors of PP81) and PP81 box.. I hope that answers your
> doubts..
>
> Best regards,
> Rikshit
>
> Sent from my iPhone
>
>> On 17-Sep-2014, at 16:37, Aaron Turner <synfina...@gmail.com> wrote:
>>
>> Are you trying to get the L7 filter on the same box that is running
>> tcpreplay to see/process the packets? If so, that's your problem. L7
>> filters see incoming packets, but tcpreplay sends them outbound
>> (regardless of what your L2 header says).
>>
>> The only time a process will see packets that tcpreplay sends on the
>> same box is when it is opening a PF_PACKET (or equivalent) socket and
>> running in promiscuous mode.
>>
>> --
>> Aaron Turner
>> http://synfin.net/ Twitter: @synfinatic
>> Those who would give up essential Liberty, to purchase a little temporary
>> Safety, deserve neither Liberty nor Safety.
>> -- Benjamin Franklin
>>
>>
>>> On Tue, Sep 16, 2014 at 3:55 AM, rikagg1 . <rika...@gmail.com> wrote:
>>> Hello all,
>>>
>>> I am also attaching DNS1-client.pcap file for the reference..:)
>>>
>>> Best Regards,
>>> Rikshit
>>>
>>>> On Tue, Sep 16, 2014 at 12:51 PM, rikagg1 . <rika...@gmail.com> wrote:
>>>>
>>>> Hello all,
>>>>
>>>> I am hopeful, I will get the answer to my question here..
>>>> My problem is, I am sending DNS pcap file to the l7 filter but the filter
>>>> is not able to detect it..Rather the server is answering a dhcp broadcast
>>>> which is getting detected.
>>>>
>>>> I sent 5 DNS packets but DHCP is getting detected..
>>>> I used the following commands on my client.
>>>>
>>>> 1) tcprewrite --enet-dmac=ff:ff:ff:ff:ff:ff --enet-smac=00:19:D1:02:6D:0D
>>>> --infile=dns1.cap --outfile=DNS1.pcap
>>>> (since the packets are broadcast)
>>>>
>>>> 2) tcpdump -s0 -r DNS1.pcap -w DNS1-client.pcap ip src 192.168.170.56
>>>> (to filter the packets, removing the packets from server)
>>>>
>>>> 3) sudo tcpreplay -i eth0 DNS1-client.pcap
>>>>
>>>> [root@D10-15 PPA]# sudo tcpreplay -i eth0 DNS1-client.pcap sending out
>>>> eth0 processing file: DNS1-client.pcap Actual: 5 packets (533 bytes) sent
>>>> in
>>>> 7.61 seconds. Rated: 70.0 bps, 0.00 Mbps, 0.66 pps Statistics for network
>>>> device: eth0 Attempted packets: 5 Successful packets: 5 Failed packets: 0
>>>> Retried packets (ENOBUFS): 0
>>>>
>>>> Here is the preview from L7 filter:
>>>>
>>>> Added: stun mark=19
>>>> opening library handle
>>>> unbinding existing nf_queue handler for AF_INET (if any)
>>>> binding nfnetlink_queue as nf_queue handler for AF_INET
>>>> binding this socket to queue '0'
>>>> setting copy_packet mode
>>>> hw_protocol = 0x0800 hook = 0 id = 0 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 115
>>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>>> sport=53 dport=1707
>>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1707 dport=53
>>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1707 dport=53
>>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>>> dport=1707
>>>> Set verdict ACCEPT, mark 0x000001
>>>> hw_protocol = 0x0800 hook = 0 id = 1 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 84
>>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>>> sport=53 dport=1708
>>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1708 dport=53
>>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1708 dport=53
>>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>>> dport=1708
>>>> Set verdict ACCEPT, mark 0x000001
>>>> hw_protocol = 0x0800 hook = 0 id = 2 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 126
>>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>>> sport=53 dport=1709
>>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1709 dport=53
>>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1709 dport=53
>>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>>> dport=1709
>>>> Set verdict ACCEPT, mark 0x000001
>>>> hw_protocol = 0x0800 hook = 0 id = 3 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 69
>>>> Made key from packet: udp 17 src=217.13.4.24 dst=192.168.170.56
>>>> sport=53 dport=1710
>>>> Made key from packet: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1710 dport=53
>>>> Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24
>>>> sport=1710 dport=53
>>>> Didn't yet find udp 17 src=217.13.4.24 dst=192.168.170.56 sport=53
>>>> dport=1710
>>>> Set verdict ACCEPT, mark 0x000001
>>>> hw_protocol = 0x0800 hook = 0 id = 4 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 328
>>>> Made key from packet: udp 17 src=255.255.255.255 dst=0.0.0.0
>>>> sport=67 dport=68
>>>> Made key from packet: udp 17 src=0.0.0.0 dst=255.255.255.255
>>>> sport=68 dport=67
>>>> Got packet, had no ct: udp 17 src=0.0.0.0 dst=255.255.255.255
>>>> sport=68 dport=67
>>>> Didn't yet find udp 17 src=255.255.255.255 dst=0.0.0.0 sport=67
>>>> dport=68
>>>> Set verdict ACCEPT, mark 0x000001
>>>> Got event: NFCT_MSG_NEW
>>>> Made key from ct: udp 17 src=0.0.0.0 dst=255.255.255.255
>>>> sport=68 dport=67
>>>> hw_protocol = 0x0800 hook = 0 id = 5 wholemark = 00000000 mark = 0 indev =
>>>> 4 payload_len = 328
>>>> Made key from packet: udp 17 src=255.255.255.255 dst=0.0.0.0
>>>> sport=67 dport=68
>>>> Made key from packet: udp 17 src=0.0.0.0 dst=255.255.255.255
>>>> sport=68 dport=67
>>>> Found connection reply: udp 17 src=0.0.0.0 dst=255.255.255.255
>>>> sport=68 dport=67
>>>> Appended data. Length so far = 33
>>>> Packet #1, data is: ..... .&P..zc.Sc5..7..*BC=.255-1.
>>>> checking against ssh
>>>> checking against telnet
>>>> checking against dhcp
>>>> matched dhcp
>>>> Set verdict ACCEPT, mark 0x000005
>>>>
>>>> I am also attaching a screenshot from L7 filter and the dns.pcap packets,
>>>> I replayed.
>>>>
>>>> Can anyone please help??

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
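
Added example, not part of the thread and not code from tcpreplay or l7-filter: a short Python pass over an excerpt of the l7-filter log quoted above (packets id 0, 4 and 5, with the mail wraps rejoined) that tallies, per flow, how many packets were queued, how many had no conntrack entry, and which pattern matched. The function and field names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the l7-filter output quoted in the thread (packets id 0, 4, 5),
# with the mail client's line wraps rejoined. Names below are this example's own.
LOG = """\
hw_protocol = 0x0800 hook = 0 id = 0 wholemark = 00000000 mark = 0 indev = 4 payload_len = 115
Got packet, had no ct: udp 17 src=192.168.170.56 dst=217.13.4.24 sport=1707 dport=53
Set verdict ACCEPT, mark 0x000001
hw_protocol = 0x0800 hook = 0 id = 4 wholemark = 00000000 mark = 0 indev = 4 payload_len = 328
Got packet, had no ct: udp 17 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67
Set verdict ACCEPT, mark 0x000001
Got event: NFCT_MSG_NEW
hw_protocol = 0x0800 hook = 0 id = 5 wholemark = 00000000 mark = 0 indev = 4 payload_len = 328
Found connection reply: udp 17 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67
checking against dhcp
matched dhcp
Set verdict ACCEPT, mark 0x000005
"""

KEY = re.compile(r"(\w+) \d+ src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
FLOW = re.compile(r"^(Got packet, had no ct|Found connection reply):\s*(.*)$")


def summarize(log):
    """Per flow: packets seen, packets without a conntrack entry, match, marks."""
    flows = defaultdict(lambda: {"packets": 0, "no_ct": 0, "matched": None, "marks": []})
    current = None  # flow key of the packet currently being processed
    for line in map(str.strip, log.splitlines()):
        m = FLOW.match(line)
        key = KEY.search(m.group(2)) if m else None
        if line.startswith("hw_protocol"):
            current = None  # a new queued packet starts here
        elif key:
            current = key.groups()  # (proto, src, dst, sport, dport)
            flows[current]["packets"] += 1
            flows[current]["no_ct"] += m.group(1).startswith("Got packet")
        elif current and line.startswith("matched "):
            flows[current]["matched"] = line.split(None, 1)[1]
        elif current and line.startswith("Set verdict"):
            flows[current]["marks"].append(int(line.rsplit("mark ", 1)[1], 16))
    return dict(flows)


if __name__ == "__main__":
    for flow, stats in summarize(LOG).items():
        print(flow, stats)
```

On this excerpt the DNS flow shows one packet, no conntrack entry and no pattern match, while the DHCP flow shows two packets, the second of which found a connection and matched `dhcp`.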