"it depends".  generally speaking, not all tcpprep splitting options
work on client vs. server so it's kinda generic which is why you'll
see a lot of phrases like PRIMARY and SECONDARY.  you can always use
tcpprep -I <cachefile> to see how things are going to get sent.
--
Aaron Turner
https://synfin.net/         Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality.  "Something cannot emerge from nothing,"
he said.  This is profound thinking if you understand how unstable
"the truth" can be.  -- Frank Herbert, Dune


On Wed, Oct 25, 2017 at 10:16 AM, Zhao Lin <zlbingham...@gmail.com> wrote:
> Haha. Those are in fact real IP's that I configured for the two NIC's, just
> so the packets can be routed by the router ... The way I am doing it right
> now works, BTW.
>
> To swap the two ports like this I would also need to swap the ports in
> tcprewrite. This essentially makes no difference to me. What I'd like to
> know is, will the first interface specified on the commands ALWAYS be used
> as client, and the second as server?
>
> Thanks,
>
> On Wed, Oct 25, 2017 at 6:53 AM, Aaron Turner <synfina...@gmail.com> wrote:
>>
>> Ok, when I saw $PORT_0_IP and $PORT_1_IP I thought you meant the
>> actual configured IP's on those NIC's.
>>
>> Honestly, been years since I've looked at that code/docs.  If you use
>> --intf1=$PORT_1 --intf2=$PORT_0 does it do what you want?
>>
>>
>> On Tue, Oct 24, 2017 at 11:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> > Both client and server reside in a single machine where tcpreplay plays
>> > client traffic through one interface/port, and server traffic through
>> > another. I don't care how these packets get handled, meaning I don't care
>> > what the IP payloads of these packets are, in fact I'll dedicate these two
>> > ports to tcpreplay only, and probably configure iptables to drop all
>> > incoming packets on both ports. My only purpose for this replay is to get
>> > the two way traffic running through router or some other device on the
>> > route ...
>> >
>> > On Tue, Oct 24, 2017 at 10:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>> >>
>> >> The problem is if tcpreplay sends the packets to a live IP address,
>> >> the underlying IP stack isn't going to deal with the TCP seq/ack
>> >> numbers sent by tcpreplay because the host is going to select a random
>> >> initial sequence number.
>> >>
>> >> Tcpreplay is really only useful when faking hosts on the network.  Ie:
>> >> the IP addresses can't be in use by any host.
>> >>
>> >>
>> >> On Tue, Oct 24, 2017 at 10:16 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> > Thanks for the prompt reply!
>> >> >
>> >> > From my understanding tcpliveplay initiates a new connection to the
>> >> > server and compares the flow to make sure it goes like the pcap file.
>> >> > This isn't what I want. I want to replay the packets in a given pcap
>> >> > file mostly as they are between the two ports of a machine, so one port
>> >> > will act as client and the other as server, and by replacing IP
>> >> > addresses of these packets (and mac addresses) I make sure these packets
>> >> > can be properly routed through routers and possibly some other middle
>> >> > devices.
>> >> >
>> >> > Let me know if I wasn't clear. Do you have any insight about my two
>> >> > questions?
>> >> >
>> >> > Thanks!
>> >> >
>> >> > On Tue, Oct 24, 2017 at 6:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>> >> >>
>> >> >> your traffic is TCP.  You can't use tcpreplay.  You'll have to use
>> >> >> tcpliveplay.
>> >> >>
>> >> >>
>> >> >> On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> >> > Hi,
>> >> >> >
>> >> >> > What I am trying to do is, set up two ports on a single machine, each
>> >> >> > port with its own IP address from different subnets. Then take a pcap
>> >> >> > file, rewrite IP addresses of each packet to be between these two
>> >> >> > ports, and replay, hoping the packets from one port will be routed
>> >> >> > accordingly and reach the other port.
>> >> >> >
>> >> >> > 1. Given IP address, netmask and gateway address for each port, is it
>> >> >> > possible to just rewrite the IP address of each packet, possibly drop
>> >> >> > the layer 2 header, and let the tcpreplay utility automatically do ARP
>> >> >> > resolution and rewrite/fill in the layer 2 header?
>> >> >> >
>> >> >> > I don't really expect tcpreplay to be able to do this, and didn't
>> >> >> > find any information online, but I would like a confirmation.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > 2. At the moment I do the following for layer 3 replay:
>> >> >> >
>> >> >> > # Split traffic based on the source/destination ports and populate the cache file
>> >> >> > tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE
>> >> >> >
>> >> >> > # Rewrite source/destination IP addresses
>> >> >> > tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE --infile=$PCAP_FILE --outfile=$TMP_PCAP_1
>> >> >> >
>> >> >> > # Rewrite destination mac addresses to the gateway so they can be routed correctly
>> >> >> > tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC --cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2
>> >> >> >
>> >> >> > # Replay
>> >> >> > tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE $TMP_PCAP_2
>> >> >> >
>> >> >> > Note the order I specify ports in these commands that I always
>> >> >> > specify PORT_0 before PORT_1. From what I read online, seems the first
>> >> >> > port being specified will be used as the server, this, however, is
>> >> >> > contradictory to my tests, in which PORT_0 will be used as client as
>> >> >> > shown in one of many such packets:
>> >> >> >
>> >> >> > 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
>> >> >> >
>> >> >> > 172.20.110.231 is the $PORT_0_IP. Did I miss anything?
>> >> >> >
>> >> >> > Many thanks,
>> >> >> > Zhao
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > ------------------------------------------------------------------------------
>> >> >> > Check out the vibrant tech community on one of the world's most
>> >> >> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> >> >> > _______________________________________________
>> >> >> > Tcpreplay-users mailing list
>> >> >> > Tcpreplay-users@lists.sourceforge.net
>> >> >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> >> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> ------------------------------------------------------------------------------
>> >> >> Check out the vibrant tech community on one of the world's most
>> >> >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> >> >> _______________________________________________
>> >> >> Tcpreplay-users mailing list
>> >> >> Tcpreplay-users@lists.sourceforge.net
>> >> >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > ------------------------------------------------------------------------------
>> >> > Check out the vibrant tech community on one of the world's most
>> >> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> >> > _______________________________________________
>> >> > Tcpreplay-users mailing list
>> >> > Tcpreplay-users@lists.sourceforge.net
>> >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Check out the vibrant tech community on one of the world's most
>> >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> >> _______________________________________________
>> >> Tcpreplay-users mailing list
>> >> Tcpreplay-users@lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> >
>> >
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> > _______________________________________________
>> > Tcpreplay-users mailing list
>> > Tcpreplay-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
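
Aaron's point in the quoted 10:43 PM reply, that a live host's IP stack picks its own random initial sequence number and so cannot follow the seq/ack numbers fixed in a capture, shown as a small model. This is an added example, not code from the thread or from tcpreplay; `LiveListener`, the packet dictionaries and the sample values are constructed for illustration, and only the client-to-server half of a replayed handshake is modelled.

```python
import random

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# Constructed sample: the three handshake packets of a captured flow.
CAPTURED = [
    {"dir": "c2s", "flags": "S",  "seq": 1000, "ack": 0},
    {"dir": "s2c", "flags": "SA", "seq": 5000, "ack": 1001},
    {"dir": "c2s", "flags": "A",  "seq": 1001, "ack": 5001},
]


class LiveListener:
    """Hypothetical stand-in for a real host's TCP stack in LISTEN state."""

    def __init__(self, rng):
        self.rng = rng
        self.state = "LISTEN"
        self.isn = None        # our own initial sequence number
        self.peer_next = None  # next sequence number expected from the peer

    def receive(self, pkt):
        if self.state == "LISTEN" and pkt["flags"] == "S":
            # A live stack chooses its ISN itself; the capture has no say.
            self.isn = self.rng.randrange(MOD)
            self.peer_next = (pkt["seq"] + 1) % MOD
            self.state = "SYN_RCVD"
            return {"flags": "SA", "seq": self.isn, "ack": self.peer_next}
        if self.state == "SYN_RCVD" and pkt["flags"] == "A":
            ack_ok = pkt["ack"] == (self.isn + 1) % MOD
            if ack_ok and pkt["seq"] == self.peer_next:
                self.state = "ESTABLISHED"
                return None
            # Unacceptable ACK during the handshake: reset, SEQ = SEG.ACK.
            return {"flags": "R", "seq": pkt["ack"], "ack": 0}
        return {"flags": "R", "seq": 0, "ack": 0}


def replay_against_live_host(captured, seed):
    """Send the capture's client packets unchanged, as a replay would."""
    host = LiveListener(random.Random(seed))
    replies = [host.receive(p) for p in captured if p["dir"] == "c2s"]
    return host.state, replies


if __name__ == "__main__":
    state, replies = replay_against_live_host(CAPTURED, seed=1)
    print("final state:", state)
    for reply in replies:
        print("host replied:", reply)
```

The replayed ACK still acknowledges the captured server ISN (5000), not the one the live host just chose, so the connection never leaves SYN_RCVD and the host answers with a reset.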