Thanks for the prompt reply!
From my understanding tcpliveplay initiates a new connection to the
server and compares the flow to make sure it goes like the pcap file. This
isn't what I want. I want to replay the packets in a given pcap file mostly
as they are between the two ports of a machine, so one port will act as
client and the other as server, and by replacing IP addresses of these
packets (and mac addresses) I make sure these packets can be properly
routed through routers and possibly some other middle devices.
Let me know if I wasn't clear. Do you have any insight about my two
questions?
Thanks!
On Tue, Oct 24, 2017 at 6:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
> Your traffic is TCP. You can't use tcpreplay. You'll have to use
> tcpliveplay.
> --
> Aaron Turner
> https://synfin.net/ Twitter: @synfinatic
> My father once told me that respect for the truth comes close to being
> the basis for all morality. "Something cannot emerge from nothing,"
> he said. This is profound thinking if you understand how unstable
> "the truth" can be. -- Frank Herbert, Dune
>
>
> On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> > Hi,
> >
> > What I am trying to do is, set up two ports on a single machine, each port
> > with its own IP address from different subnets. Then take a pcap file,
> > rewrite IP addresses of each packet to be between these two ports, and
> > replay, hoping the packets from one port will be routed accordingly and
> > reach the other port.
> >
> > 1. Given IP address, netmask and gateway address for each port, is it
> > possible to just rewrite the IP address of each packet, possibly drop the
> > layer 2 header, and let the tcpreplay utility automatically do ARP
> > resolution and rewrite/fill in the layer 2 header?
> >
> > I don't really expect tcpreplay to be able to do this, and didn't find any
> > information online, but I would like a confirmation.
> >
> >
> >
> > 2. At the moment I do the following for layer 3 replay:
> >
> > # Split traffic based on the source/destination ports and populate the
> > # cache file
> > tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE
> >
> > # Rewrite source/destination IP addresses
> > tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE \
> >     --infile=$PCAP_FILE --outfile=$TMP_PCAP_1
> >
> > # Rewrite destination mac addresses to the gateway so they can be routed
> > # correctly
> > tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC \
> >     --cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2
> >
> > # Replay
> > tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE \
> >     $TMP_PCAP_2
> >
> > Note the order in which I specify ports in these commands: I always specify
> > PORT_0 before PORT_1. From what I read online, it seems the first port
> > specified will be used as the server; this, however, contradicts my
> > tests, in which PORT_0 is used as the client, as shown in one of many such
> > packets:
> >
> > 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
> >
> > 172.20.110.231 is the $PORT_0_IP. Did I miss anything?
> >
> > Many thanks,
> > Zhao
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
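
One way to check which rewritten address ends up acting as client, as an added example that is not part of the original thread or the tcpreplay project: it parses a classic pcap in pure Python and labels each packet's source by port. The 1023 port threshold, the function names and the two-packet sample are assumptions made for illustration.

```python
import io
import socket
import struct
from collections import Counter

def make_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame; MACs and checksums are zeroed."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x10, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap with linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def endpoint_roles(pcap_bytes, server_port_max=1023):
    """Count packets per (source IP, role). Assumption: a low port marks the server."""
    fh = io.BytesIO(pcap_bytes)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(fh.read(24)[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    roles = Counter()
    while len(hdr := fh.read(16)) == 16:
        caplen = struct.unpack(endian + "IIII", hdr)[2]
        pkt = fh.read(caplen)
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated capture or not IPv4 over Ethernet
        ihl = (pkt[14] & 0x0F) * 4
        if pkt[23] not in (6, 17) or len(pkt) < 14 + ihl + 4:
            continue  # only TCP and UDP carry ports
        src = socket.inet_ntoa(pkt[26:30])
        sport, dport = struct.unpack("!HH", pkt[14 + ihl:18 + ihl])
        if dport <= server_port_max < sport:
            roles[(src, "client")] += 1
        elif sport <= server_port_max < dport:
            roles[(src, "server")] += 1
        else:
            roles[(src, "ambiguous")] += 1  # both ports high or both low
    return roles

# Constructed sample: the ACK quoted in the thread plus a reply in the other direction.
SAMPLE = build_pcap([
    make_frame("172.20.110.231", "172.20.124.243", 64287, 443),
    make_frame("172.20.124.243", "172.20.110.231", 443, 64287),
])
```

Running `endpoint_roles(open(path, "rb").read())` on the output of the tcprewrite step gives the same per-address counts for a real capture, provided the file is classic pcap rather than pcapng.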