[Tcpreplay-users] Replay Layer 3 packets

Tue, 24 Oct 2017 16:37:47 -0700 

Hi,

What I am trying to do is, set up two ports on a single machine, each port
with its own IP address from different subnets. Then take a pcap file,
rewrite IP addresses of each packet to be between these two ports, and
replay, hoping the packets from one port will be routed accordingly and
reach the other port.

1. Given IP address, netmask and gateway address for each port, is it
possible to just rewrite the IP address of each packet, possibly drop the
layer 2 header, and let tcpreplay utility to automatically do ARP
resolution and rewrite/fill in the layer 2 header?

I don't really expect tcpreplay to be able to do this, and didn't find any
information online, but I would like a confirmation.



2. At the moment I do the following for layer 3 replay:

# Split traffic based on the source/destination ports and populate the
cache file
tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE

# Rewrite source/destination IP addresses
tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE
--infile=$PCAP_FILE --outfile=$TMP_PCAP_1

# Rewrite destination mac addresses to the gateway so they can be routed
correctly
tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC
--cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2

# Replay
tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE
$TMP_PCAP_2

Note the order I specify ports in these commands that I always specify
PORT_0 before PORT_1. From what I read online, seems the first port being
specified will be used as the server, this, however, is contradictory to my
tests, in which PORT_0 will be used as client as shown in one of many such
packets:

3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443)
[ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp

172.20.110.231 is the $PORT_0_IP. Did I miss anything?

Many thanks,
Zhao

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Reply via email to