Works for me on 4.2.6:

$ tcprewrite --dlt=enet --enet-smac=09:09:09:09:09:09 --enet-dmac=01:02:03:04:05:06 -i ~/Downloads/queries-ipv4.pcap -o test.pcap
$ tcpdump -r test.pcap -c1 -v
reading from file test.pcap, link-type EN10MB (Ethernet)
07:11:14.228108 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 64)
    localhost.50471 > localhost.domain: 0 NS? robotmatchunit.com. (36)
$ tcprewrite -V
tcprewrite version: 4.2.6 (build git:v4.2.6)
Copyright 2013-2017 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Compiled against libdnet: 1.12
Compiled against libpcap: libpcap version 1.8.1 -- Apple version 67.60.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: enabled

--
Aaron Turner
https://synfin.net/         Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality. "Something cannot emerge from nothing,"
he said. This is profound thinking if you understand how unstable
"the truth" can be. -- Frank Herbert, Dune

On Thu, Oct 19, 2017 at 6:10 AM, Felipe Agnelli Barbosa <no.mo...@gmail.com> wrote:
> Hi Aaron,
>
> Follow the commands and the comments:
>
> tcprewrite --dlt=enet --enet-dmac="MAC" --enet-smac="MAC" -i queries-ipv4.pcap[0] -o queries-ipv4-new.pcap
>
> The pcap file queries-ipv4-new.pcap originated contains the dns queries.
>
> tcpprep --auto=client --cachefile=query.cache --pcap=queries-ipv4-new.pcap
> tcprewrite -C --portmap=53:50068 --endpoints=192.168.0.3:10.153.0.17 --cachefile=query.cache -i queries-ipv4-new.pcap -o queries-ipv4-READY.pcap
>
> Here, with the pcap file queries-ipv4-READY.pcap, the problem that I
> mentioned happens.
>
> [0] https://www.dropbox.com/sh/qhulhpfr2fcvghj/AACv81C0s7OecBuF1l8x806Aa?dl=0
>
> Regards,
>
> []s
> Felipe
>
> 2017-10-19 0:44 GMT-02:00 Aaron Turner <synfina...@gmail.com>:
>>
>> Smells like a bug, but _could_ be an issue where your pcap file
>> incorrectly states the packet length. If you could share the pcap
>> file (dropbox/etc link preferred) and the tcprewrite command you ran
>> that would be useful.
>> --
>> Aaron Turner
>> https://synfin.net/         Twitter: @synfinatic
>>
>> On Wed, Oct 18, 2017 at 8:17 AM, Felipe Agnelli Barbosa
>> <no.mo...@gmail.com> wrote:
>> > Hi guys,
>> >
>> > I have been working with the tcpreplay suite and I find something
>> > interesting that I can't explain until now.
>> >
>> > My environment is made of one pcap file that I use tcprewrite to replace
>> > source/destination IP, MAC and the pcap file originated does not contain
>> > the dns query, like:
>> >
>> > Before tcprewrite modification:
>> >
>> > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.53: 42386 [1au] A? www.example.com. (47)
>> >
>> > After:
>> >
>> > 13:00:00.000181 IP 192.168.0.3.18418 > 10.153.0.17.50073: UDP, length 47
>> >
>> > I got to see this with tcpdump.
>> >
>> > Has anyone ever experienced this?
>> >
>> > Below is some more information.
>> >
>> > # lsb_release -a
>> > No LSB modules are available.
>> > Distributor ID: Ubuntu
>> > Description: Ubuntu 16.04.3 LTS
>> > Release: 16.04
>> > Codename: xenial
>> >
>> > # tcpreplay -V
>> > tcpreplay version: 4.2.5 (build git:v4.2.5)
>> > Copyright 2013-2017 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
>> > Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
>> > The entire Tcpreplay Suite is licensed under the GPLv3
>> > Cache file supported: 04
>> > Not compiled with libdnet.
>> > Compiled against libpcap: 1.7.4
>> > 64 bit packet counters: enabled
>> > Verbose printing via tcpdump: enabled
>> > Packet editing: disabled
>> > Fragroute engine: disabled
>> > Injection method: PF_PACKET send()
>> > Not compiled with netmap
>> >
>> > # tcpdump --v
>> > tcpdump version 4.9.0
>> > libpcap version 1.7.4
>> > OpenSSL 1.0.2g 1 Mar 2016
>> >
>> > Regards,
>> > Felipe
>
> --
> "Doubt is the beginning of wisdom"

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
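
An added example, not part of the original thread or of tcpreplay: a Python check that compares the UDP payloads of a capture before and after the --portmap rewrite and parses each payload as a DNS query itself, so the result does not depend on how tcpdump labels the packet. The function names and the one-packet sample capture (built from the addresses, ports and query ID quoted in the thread, without the EDNS record) are constructed for illustration.

```python
import struct

def udp_payloads(pcap: bytes):
    """Yield (sport, dport, payload) for each IPv4/UDP packet in a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with link-type EN10MB")
    off = 24                                    # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                            # not IPv4/UDP (VLAN, IPv6 out of scope)
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) >= 8:
            sport, dport, ulen = struct.unpack("!HHH", udp[:6])
            yield sport, dport, udp[8:ulen]

def dns_question(payload: bytes):
    """Return (id, qname) if payload parses as a DNS query, else None."""
    if len(payload) < 12:
        return None
    ident, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:           # QR bit set means a response
        return None
    labels, i = [], 12
    while i < len(payload):
        n = payload[i]
        if n == 0:
            return ident, ".".join(labels) + "."
        if n > 63 or i + 1 + n > len(payload):  # compression pointer or truncated label
            return None
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return None

def compare(before: bytes, after: bytes):
    """Per packet pair: (dport before, dport after, payload unchanged?, DNS question after)."""
    return [(b[1], a[1], b[2] == a[2], dns_question(a[2]))
            for b, a in zip(udp_payloads(before), udp_payloads(after))]

def sample_pcap(dport: int) -> bytes:
    """Constructed one-packet capture: A query for www.example.com. sent to dport."""
    dns = struct.pack("!6H", 42386, 0x0100, 1, 0, 0, 0) + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", 18418, dport, 8 + len(dns), 0) + dns
    # 192.168.0.3 -> 10.153.0.17; checksums left at zero in this constructed packet
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, b"\xc0\xa8\x00\x03", b"\x0a\x99\x00\x11")
    frame = bytes.fromhex("010203040506090909090909" "0800") + ip + udp
    return struct.pack("<IHHiIII4I", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1, 0, 0, len(frame), len(frame)) + frame
```

For real files, pass the bytes of queries-ipv4-new.pcap and queries-ipv4-READY.pcap to compare(); compare(sample_pcap(53), sample_pcap(50068)) exercises it on the constructed sample.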