Ok, when I saw $PORT_0_IP and $PORT_1_IP I thought you meant the actual configured IPs on those NICs.
Honestly, been years since I've looked at that code/docs. If you use
--intf1=$PORT_1 --intf2=$PORT_0 does it do what you want?
--
Aaron Turner
https://synfin.net/  Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality.  "Something cannot emerge from nothing,"
he said.  This is profound thinking if you understand how unstable
"the truth" can be.  -- Frank Herbert, Dune

On Tue, Oct 24, 2017 at 11:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> Both client and server reside in a single machine where tcpreplay plays
> client traffic through one interface/port, and server traffic through
> another. I don't care how these packets get handled, meaning I don't care
> what the IP payloads of these packets are, in fact I'll dedicate these two
> ports to tcpreplay only, and probably configure iptables to drop all
> incoming packets on both ports. My only purpose for this replay is to get
> the two way traffic running through router or some other device on the route
> ...
>
> On Tue, Oct 24, 2017 at 10:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>>
>> The problem is if tcpreplay sends the packets to a live IP address,
>> the underlying IP stack isn't going to deal with the TCP seq/ack
>> numbers sent by tcpreplay because the host is going to select a random
>> initial sequence number.
>>
>> Tcpreplay is really only useful when faking hosts on the network. Ie:
>> the IP addresses can't be in use by any host.
>>
>> On Tue, Oct 24, 2017 at 10:16 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> > Thanks for prompt reply!
>> >
>> > From my understanding tcpliveplay initiates a new connection to the
>> > server and compares the flow to make sure it goes like the pcap file.
>> > This isn't what I want. I want to replay the packets in a given pcap
>> > file mostly as they are between the two ports of a machine, so one port
>> > will act as client and the other as server, and by replacing IP
>> > addresses of these packets (and mac addresses) I make sure these
>> > packets can be properly routed through routers and possibly some other
>> > middle devices.
>> >
>> > Let me know if I wasn't clear. Do you have any insight about my two
>> > questions?
>> >
>> > Thanks!
>> >
>> > On Tue, Oct 24, 2017 at 6:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>> >>
>> >> Your traffic is TCP. You can't use tcpreplay. You'll have to use
>> >> tcpliveplay.
>> >>
>> >> On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> > Hi,
>> >> >
>> >> > What I am trying to do is, set up two ports on a single machine, each
>> >> > port with its own IP address from different subnets. Then take a pcap
>> >> > file, rewrite IP addresses of each packet to be between these two
>> >> > ports, and replay, hoping the packets from one port will be routed
>> >> > accordingly and reach the other port.
>> >> >
>> >> > 1. Given IP address, netmask and gateway address for each port, is it
>> >> > possible to just rewrite the IP address of each packet, possibly drop
>> >> > the layer 2 header, and let the tcpreplay utility automatically do ARP
>> >> > resolution and rewrite/fill in the layer 2 header?
>> >> >
>> >> > I don't really expect tcpreplay to be able to do this, and didn't
>> >> > find any information online, but I would like a confirmation.
>> >> >
>> >> > 2. At the moment I do the following for layer 3 replay:
>> >> >
>> >> > # Split traffic based on the source/destination ports and populate the cache file
>> >> > tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE
>> >> >
>> >> > # Rewrite source/destination IP addresses
>> >> > tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE --infile=$PCAP_FILE --outfile=$TMP_PCAP_1
>> >> >
>> >> > # Rewrite destination mac addresses to the gateway so they can be routed correctly
>> >> > tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC --cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2
>> >> >
>> >> > # Replay
>> >> > tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE $TMP_PCAP_2
>> >> >
>> >> > Note the order in which I specify ports in these commands: I always
>> >> > specify PORT_0 before PORT_1. From what I read online, it seems the
>> >> > first port being specified will be used as the server; this, however,
>> >> > is contradictory to my tests, in which PORT_0 will be used as client
>> >> > as shown in one of many such packets:
>> >> >
>> >> > 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
>> >> >
>> >> > 172.20.110.231 is the $PORT_0_IP. Did I miss anything?
>> >> >
>> >> > Many thanks,
>> >> > Zhao

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
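
Added example (not part of the thread and not tcpreplay's own code): a simplified Python model of the split discussed above, assuming tcpprep's documented `--port` default that destination ports 0-1023 mark a packet as client-to-server, and tcpreplay's documented roles for `--intf1` (client-to-server) and `--intf2` (server-to-client). The sample capture, its addresses and the helper names are constructed for illustration.

```python
import struct

SERVER_PORTS = range(0, 1024)  # assumption: default "server" range in port-split mode

def build_pcap(flows):
    """Constructed sample: one Ethernet/IPv4/TCP ACK frame per (sport, dport)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap, Ethernet
    for sport, dport in flows:
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x10, 65535, 0, 0)
        frame = eth + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def l4_ports(frame):
    """Return (sport, dport) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    return struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])

def split_by_port(pcap, intf1="PORT_0", intf2="PORT_1"):
    """Map each packet of a little-endian pcap to the interface that would send it."""
    plan, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        ports = l4_ports(pcap[off + 16:off + 16 + incl])
        off += 16 + incl
        if ports is None:
            plan.append((None, None, "non-ip"))
            continue
        sport, dport = ports
        # Destination is a server port: client-to-server, so the first interface.
        plan.append((sport, dport, intf1 if dport in SERVER_PORTS else intf2))
    return plan

# Constructed capture mirroring the ports seen in the thread (64287 <-> 443).
SAMPLE = build_pcap([(64287, 443), (443, 64287)])

if __name__ == "__main__":
    for row in split_by_port(SAMPLE):
        print(row)
```

With the interface arguments swapped, as suggested in the reply, the 64287 → 443 packet is assigned to PORT_1 instead.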