Smells like a bug, but _could_ be an issue where your pcap file incorrectly states the packet length. If you could share the pcap file (dropbox/etc link preferred) and the tcprewrite command you ran that would be useful. -- Aaron Turner https://synfin.net/ Twitter: @synfinatic My father once told me that respect for the truth comes close to being the basis for all morality. "Something cannot emerge from nothing," he said. This is profound thinking if you understand how unstable "the truth" can be. -- Frank Herbert, Dune
On Wed, Oct 18, 2017 at 8:17 AM, Felipe Agnelli Barbosa <no.mo...@gmail.com> wrote: > Hi guys, > > I have working with tcpreplay suite and I find something interesting that I > can't explain until now. > > My environment is made of one pcap file that I use tcprewrite to replace > source/destiny IP, MAC and the pcap file originated does not contain the dns > query, like: > > Before tcprewrite modification: > > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.53: 42386 [1au] A? > www.example.com. (47) > > After: > > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.50073: UDP, length 47 > > I got to see this with tcpdump. > > Has anyone ever experienced this? > > Bellow some more informations. > > # lsb_release -a > No LSB modules are available. > Distributor ID: Ubuntu > Description: Ubuntu 16.04.3 LTS > Release: 16.04 > Codename: xenial > > # tcpreplay -V > tcpreplay version: 4.2.5 (build git:v4.2.5) > Copyright 2013-2017 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta > Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net> > The entire Tcpreplay Suite is licensed under the GPLv3 > Cache file supported: 04 > Not compiled with libdnet. > Compiled against libpcap: 1.7.4 > 64 bit packet counters: enabled > Verbose printing via tcpdump: enabled > Packet editing: disabled > Fragroute engine: disabled > Injection method: PF_PACKET send() > Not compiled with netmap > > # tcpdump --v > tcpdump version 4.9.0 > libpcap version 1.7.4 > OpenSSL 1.0.2g 1 Mar 2016 > > > Regards, > Felipe > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
