tcpreplay sends what is in the pcap.  Exactly.  Nothing more, nothing
less.  If it's valid, then it sends valid.  If it's invalid, then it
sends invalid.
--
Aaron Turner
https://synfin.net/         Twitter: @synfinatic
My father once told me that respect for the truth comes close to being
the basis for all morality.  "Something cannot emerge from nothing,"
he said.  This is profound thinking if you understand how unstable
"the truth" can be.  -- Frank Herbert, Dune
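
Since tcpreplay does no ARP resolution of its own, the next-hop MACs given to `tcprewrite --enet-dmac` have to be resolved before rewriting. The script below is an added example, not part of the original thread or of the tcpreplay project; it assumes Linux `ip neigh show` output, and the function names, gateway IPs, interface names and MACs in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve gateway MACs yourself before running tcprewrite.
# SAMPLE_NEIGH is constructed text in the format printed by `ip neigh show`.
SAMPLE_NEIGH='172.20.110.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
172.20.124.1 dev eth1 lladdr 66:77:88:99:aa:bb STALE
172.20.124.9 dev eth1  FAILED
172.20.110.7 dev eth0  INCOMPLETE'

# gateway_mac IP DEV
# Reads a neighbour table on stdin and prints the MAC recorded for IP on DEV.
# Returns 1 when the entry is missing or unresolved (FAILED / INCOMPLETE),
# so a replay is never prepared with an empty or stale-looking address.
gateway_mac() {
    awk -v ip="$1" -v dev="$2" '
        $1 == ip && $2 == "dev" && $3 == dev {
            for (i = 4; i < NF; i++)
                if ($i == "lladdr" && $NF != "FAILED" && $NF != "INCOMPLETE") {
                    print $(i + 1); found = 1; exit
                }
        }
        END { exit found ? 0 : 1 }'
}

# dmac_option GW0_IP DEV0 GW1_IP DEV1
# Builds the --enet-dmac option in the same order the thread uses
# (first-interface gateway, then second-interface gateway).
# Fails if either gateway has no resolved entry in the table on stdin.
dmac_option() {
    table=$(cat)
    mac0=$(printf '%s\n' "$table" | gateway_mac "$1" "$2") || return 1
    mac1=$(printf '%s\n' "$table" | gateway_mac "$3" "$4") || return 1
    printf '%s=%s,%s\n' "--enet-dmac" "$mac0" "$mac1"
}

# Demo on the constructed table. On a live host, ping each gateway once to
# populate the neighbour cache, then pipe `ip neigh show` in instead.
printf '%s\n' "$SAMPLE_NEIGH" | dmac_option 172.20.110.1 eth0 172.20.124.1 eth1
```
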


On Wed, Oct 25, 2017 at 5:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> I see. Thanks. Then back to my first question, is tcpreplay capable of
> sending out valid IP packets? For this to work I imagine it may have to
> invoke ARP resolution to figure out the MAC address to send to, and modify
> the ethernet header accordingly.
>
> From our conversation so far looks like the chance is slim..
>
> On Wed, Oct 25, 2017 at 10:59 AM, Aaron Turner <synfina...@gmail.com> wrote:
>>
>> "it depends".  generally speaking, not all tcpprep splitting options
>> work on client vs. server so it's kinda generic which is why you'll
>> see a lot of phrases like PRIMARY and SECONDARY.  you can always use
>> tcpprep -I <cachefile> to see how things are going to get sent.
>>
>> On Wed, Oct 25, 2017 at 10:16 AM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> > Haha. Those are in fact real IP's that I configured for the two NIC's, just
>> > so the packets can be routed by the router ... The way I am doing it right
>> > now works, BTW.
>> >
>> > To swap the two ports like this I would also need to swap the ports in
>> > tcprewrite. This essentially makes no difference to me. What I'd like to
>> > know is, will the first interface specified on the commands ALWAYS be used
>> > as client, and the second as server?
>> >
>> > Thanks,
>> >
>> > On Wed, Oct 25, 2017 at 6:53 AM, Aaron Turner <synfina...@gmail.com> wrote:
>> >>
>> >> Ok, when I saw $PORT_0_IP and $PORT_1_IP I thought you meant the
>> >> actual configured IP's on those NIC's.
>> >>
>> >> Honestly, been years since I've looked at that code/docs.  If you use
>> >> --intf1=$PORT_1 --intf2=$PORT_0 does it do what you want?
>> >>
>> >> On Tue, Oct 24, 2017 at 11:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> > Both client and server reside in a single machine where tcpreplay plays
>> >> > client traffic through one interface/port, and server traffic through
>> >> > another. I don't care how these packets get handled, meaning I don't care
>> >> > what the IP payloads of these packets are, in fact I'll dedicate these two
>> >> > ports to tcpreplay only, and probably configure iptables to drop all
>> >> > incoming packets on both ports. My only purpose for this replay is to get
>> >> > the two way traffic running through router or some other device on the
>> >> > route ...
>> >> >
>> >> > On Tue, Oct 24, 2017 at 10:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>> >> >>
>> >> >> The problem is if tcpreplay sends the packets to a live IP address,
>> >> >> the underlying IP stack isn't going to deal with the TCP seq/ack
>> >> >> numbers sent by tcpreplay because the host is going to select a random
>> >> >> initial sequence number.
>> >> >>
>> >> >> Tcpreplay is really only useful when faking hosts on the network. Ie:
>> >> >> the IP addresses can't be in use by any host.
>> >> >>
>> >> >> On Tue, Oct 24, 2017 at 10:16 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> >> > Thanks for prompt reply!
>> >> >> >
>> >> >> > From my understanding tcpliveplay initiates a new connection to the
>> >> >> > server and compares the flow to make sure it goes like the pcap file.
>> >> >> > This isn't what I want. I want to replay the packets in a given pcap
>> >> >> > file mostly as they are between the two ports of a machine, so one
>> >> >> > port will act as client and the other as server, and by replacing IP
>> >> >> > addresses of these packets (and mac addresses) I make sure these
>> >> >> > packets can be properly routed through routers and possibly some
>> >> >> > other middle devices.
>> >> >> >
>> >> >> > Let me know if I wasn't clear. Do you have any insight about my two
>> >> >> > questions?
>> >> >> >
>> >> >> > Thanks!
>> >> >> >
>> >> >> > On Tue, Oct 24, 2017 at 6:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
>> >> >> >>
>> >> >> >> your traffic is TCP.  You can't use tcpreplay.  You'll have to use
>> >> >> >> tcpliveplay.
>> >> >> >>
>> >> >> >> On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
>> >> >> >> > Hi,
>> >> >> >> >
>> >> >> >> > What I am trying to do is, set up two ports on a single machine,
>> >> >> >> > each port with its own IP address from different subnets. Then
>> >> >> >> > take a pcap file, rewrite IP addresses of each packet to be
>> >> >> >> > between these two ports, and replay, hoping the packets from one
>> >> >> >> > port will be routed accordingly and reach the other port.
>> >> >> >> >
>> >> >> >> > 1. Given IP address, netmask and gateway address for each port,
>> >> >> >> > is it possible to just rewrite the IP address of each packet,
>> >> >> >> > possibly drop the layer 2 header, and let tcpreplay utility to
>> >> >> >> > automatically do ARP resolution and rewrite/fill in the layer 2
>> >> >> >> > header?
>> >> >> >> >
>> >> >> >> > I don't really expect tcpreplay to be able to do this, and didn't
>> >> >> >> > find any information online, but I would like a confirmation.
>> >> >> >> >
>> >> >> >> > 2. At the moment I do the following for layer 3 replay:
>> >> >> >> >
>> >> >> >> > # Split traffic based on the source/destination ports and populate the cache file
>> >> >> >> > tcpprep --port --cachefile=$CACHE_FILE --pcap=$PCAP_FILE
>> >> >> >> >
>> >> >> >> > # Rewrite source/destination IP addresses
>> >> >> >> > tcprewrite --endpoints=$PORT_0_IP:$PORT_1_IP --cachefile=$CACHE_FILE --infile=$PCAP_FILE --outfile=$TMP_PCAP_1
>> >> >> >> >
>> >> >> >> > # Rewrite destination mac addresses to the gateway so they can be routed correctly
>> >> >> >> > tcprewrite --enet-dmac=$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC --cachefile=$CACHE_FILE --infile=$TMP_PCAP_1 --outfile=$TMP_PCAP_2
>> >> >> >> >
>> >> >> >> > # Replay
>> >> >> >> > tcpreplay --intf1=$PORT_0 --intf2=$PORT_1 --cachefile=$CACHE_FILE $TMP_PCAP_2
>> >> >> >> >
>> >> >> >> > Note the order I specify ports in these commands that I always
>> >> >> >> > specify PORT_0 before PORT_1. From what I read online, seems the
>> >> >> >> > first port being specified will be used as the server, this,
>> >> >> >> > however, is contradictory to my tests, in which PORT_0 will be
>> >> >> >> > used as client as shown in one of many such packets:
>> >> >> >> >
>> >> >> >> > 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
>> >> >> >> >
>> >> >> >> > 172.20.110.231 is the $PORT_0_IP. Did I miss anything?
>> >> >> >> >
>> >> >> >> > Many thanks,
>> >> >> >> > Zhao
>> >> >> >> >
>> >> >> >> > ------------------------------------------------------------------------------
>> >> >> >> > Check out the vibrant tech community on one of the world's most
>> >> >> >> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> >> >> >> > _______________________________________________
>> >> >> >> > Tcpreplay-users mailing list
>> >> >> >> > Tcpreplay-users@lists.sourceforge.net
>> >> >> >> > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> >> >> >> > Support Information:
>> >> >> >> > http://tcpreplay.synfin.net/trac/wiki/Support