Hi Aaron,
Follow the commands and the comments:
tcprewrite --dlt=enet --enet-dmac="MAC" --enet-smac="MAC" -i queries-ipv4.pcap[0] -o queries-ipv4-new.pcap
The resulting pcap file, queries-ipv4-new.pcap, contains the DNS queries.
tcpprep --auto=client --cachefile=query.cache --pcap=queries-ipv4-new.pcap
tcprewrite -C --portmap=53:50068 --endpoints=192.168.0.3:10.153.0.17 --cachefile=query.cache -i queries-ipv4-new.pcap -o queries-ipv4-READY.pcap
Here, with the pcap file queries-ipv4-READY.pcap, the problem that I
mentioned happens.
[0] https://www.dropbox.com/sh/qhulhpfr2fcvghj/AACv81C0s7OecBuF1l8x806Aa?dl=0
Regards,
[]s
Felipe
2017-10-19 0:44 GMT-02:00 Aaron Turner <synfina...@gmail.com>:
> Smells like a bug, but _could_ be an issue where your pcap file
> incorrectly states the packet length. If you could share the pcap
> file (dropbox/etc link preferred) and the tcprewrite command you ran
> that would be useful.
> --
> Aaron Turner
> https://synfin.net/ Twitter: @synfinatic
> My father once told me that respect for the truth comes close to being
> the basis for all morality. "Something cannot emerge from nothing,"
> he said. This is profound thinking if you understand how unstable
> "the truth" can be. -- Frank Herbert, Dune
>
>
> On Wed, Oct 18, 2017 at 8:17 AM, Felipe Agnelli Barbosa
> <no.mo...@gmail.com> wrote:
> > Hi guys,
> >
> > I have been working with the tcpreplay suite and I found something
> > interesting that I can't explain until now.
> >
> > My environment is made of one pcap file that I use tcprewrite on to replace
> > the source/destination IP and MAC, and the resulting pcap file does not
> > contain the DNS query, like:
> >
> > Before tcprewrite modification:
> >
> > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.53: 42386 [1au] A? www.example.com. (47)
> >
> > After:
> >
> > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.50073: UDP, length 47
> >
> > I got to see this with tcpdump.
> >
> > Has anyone ever experienced this?
> >
> > Below is some more information.
> >
> > # lsb_release -a
> > No LSB modules are available.
> > Distributor ID: Ubuntu
> > Description: Ubuntu 16.04.3 LTS
> > Release: 16.04
> > Codename: xenial
> >
> > # tcpreplay -V
> > tcpreplay version: 4.2.5 (build git:v4.2.5)
> > Copyright 2013-2017 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
> > Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
> > The entire Tcpreplay Suite is licensed under the GPLv3
> > Cache file supported: 04
> > Not compiled with libdnet.
> > Compiled against libpcap: 1.7.4
> > 64 bit packet counters: enabled
> > Verbose printing via tcpdump: enabled
> > Packet editing: disabled
> > Fragroute engine: disabled
> > Injection method: PF_PACKET send()
> > Not compiled with netmap
> >
> > # tcpdump --v
> > tcpdump version 4.9.0
> > libpcap version 1.7.4
> > OpenSSL 1.0.2g 1 Mar 2016
> >
> >
> > Regards,
> > Felipe
> >
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Tcpreplay-users mailing list
> > Tcpreplay-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
--
"Doubt is the beginning of wisdom"
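An added example, not part of the original thread: tcpdump selects its DNS printer from the UDP port number, so one way to check whether the query bytes survived the --portmap rewrite is to parse each UDP payload as DNS regardless of port. The function names and the sample capture are constructed for illustration, and only classic pcap files with Ethernet/IPv4 framing are handled.

```python
import struct

def dns_query_name(payload):
    """Return (txid, qname) if the bytes parse as a single-question DNS query, else None."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:            # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos]:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):  # compression pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    # the terminating zero byte plus QTYPE and QCLASS must still fit
    return (txid, ".".join(labels) + ".") if pos + 5 <= len(payload) else None

def dns_queries(pcap):
    """List (dst_port, txid, qname) for each Ethernet/IPv4/UDP packet carrying a DNS query."""
    order = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 42 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue                              # not IPv4 carrying UDP
        udp = pkt[14 + (pkt[14] & 0x0F) * 4:]     # skip the IP header (IHL words)
        if len(udp) < 8:
            continue
        dport, ulen = struct.unpack("!HH", udp[2:6])
        hit = dns_query_name(udp[8:ulen])         # decode by content, ignore the port
        if hit:
            found.append((dport,) + hit)
    return found

def sample_pcap(dport):
    """Constructed capture: one 'A? www.example.com.' query sent to the given UDP port."""
    dns = struct.pack("!6H", 42386, 0x0100, 1, 0, 0, 0) + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", 18418, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\xc0\xa8\x00\x03", b"\x0a\x99\x00\x11")   # 192.168.0.3 -> 10.153.0.17
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 181, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    print({p: dns_queries(sample_pcap(p)) for p in (53, 50073)})
```

To run it against a real capture, pass the file contents, for example `dns_queries(open("queries-ipv4-READY.pcap", "rb").read())`.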