your traffic is TCP. You can't use tcpreplay. You'll have to use tcpliveplay.

--
Aaron Turner
https://synfin.net/ Twitter: @synfinatic
My father once told me that respect for the truth comes close to being the basis for all morality. "Something cannot emerge from nothing," he said. This is profound thinking if you understand how unstable "the truth" can be.
-- Frank Herbert, Dune

On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> Hi,
>
> What I am trying to do is, set up two ports on a single machine, each port
> with its own IP address from different subnets. Then take a pcap file,
> rewrite IP addresses of each packet to be between these two ports, and
> replay, hoping the packets from one port will be routed accordingly and
> reach the other port.
>
> 1. Given IP address, netmask and gateway address for each port, is it
> possible to just rewrite the IP address of each packet, possibly drop the
> layer 2 header, and let tcpreplay utility to automatically do ARP resolution
> and rewrite/fill in the layer 2 header?
>
> I don't really expect tcpreplay to be able to do this, and didn't find any
> information online, but I would like a confirmation.
>
> 2. At the moment I do the following for layer 3 replay:
>
> # Split traffic based on the source/destination ports and populate the cache file
> tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE
>
> # Rewrite source/destination IP addresses
> tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE --infile=$PCAP_FILE --outfile=$TMP_PCAP_1
>
> # Rewrite destination mac addresses to the gateway so they can be routed correctly
> tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC --cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2
>
> # Replay
> tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE $TMP_PCAP_2
>
> Note the order I specify ports in these commands that I always specify
> PORT_0 before PORT_1. From what I read online, seems the first port being
> specified will be used as the server, this, however, is contradictory to my
> tests, in which PORT_0 will be used as client as shown in one of many such
> packets:
>
> 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
>
> 172.20.110.231 is the $PORT_0_IP.
> Did I miss anything?
>
> Many thanks,
> Zhao

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
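
Added illustration, not part of the original thread and not tcpreplay source code: a Python model of how the quoted pipeline assigns direction, showing why the 64287 → 443 packet leaves from $PORT_0_IP. It assumes tcpprep's port-split default (destination port below 1024 means client to server), that the first `--endpoints` address and `--intf1` carry the client side as the quoted packet shows, and that 172.20.124.243 is $PORT_1_IP; the sample capture is constructed.

```python
# Model of the tcpprep --port / tcprewrite --endpoints / tcpreplay steps
# from the thread. Illustration only; names below are hypothetical.
from dataclasses import dataclass

SERVER_PORT_LIMIT = 1024  # assumption: port-split default without --services


@dataclass(frozen=True)
class Packet:
    src_ip: str
    sport: int
    dst_ip: str
    dport: int


def is_client_to_server(pkt):
    """Port-split rule: a well-known destination port marks client -> server.
    Anything else (including two high ports) falls on the server side."""
    return pkt.dport < SERVER_PORT_LIMIT


def rewrite_endpoints(pkt, port0_ip, port1_ip):
    """Collapse all hosts onto two endpoints, keeping direction and ports."""
    if is_client_to_server(pkt):
        return Packet(port0_ip, pkt.sport, port1_ip, pkt.dport)
    return Packet(port1_ip, pkt.sport, port0_ip, pkt.dport)


def plan_replay(pkts, port0_ip, port1_ip, intf1="PORT_0", intf2="PORT_1"):
    """Return (output interface, rewritten packet) pairs in capture order."""
    plan = []
    for pkt in pkts:
        intf = intf1 if is_client_to_server(pkt) else intf2
        plan.append((intf, rewrite_endpoints(pkt, port0_ip, port1_ip)))
    return plan


# Constructed sample capture: one HTTPS exchange between arbitrary hosts.
SAMPLE = [
    Packet("10.1.1.5", 64287, "192.0.2.10", 443),  # client ACK
    Packet("192.0.2.10", 443, "10.1.1.5", 64287),  # server reply
]

if __name__ == "__main__":
    for intf, p in plan_replay(SAMPLE, "172.20.110.231", "172.20.124.243"):
        print(f"{intf}: {p.src_ip}:{p.sport} -> {p.dst_ip}:{p.dport}")
```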