Thanks for your help!

On Oct 25, 2017 6:31 PM, "Aaron Turner" <synfina...@gmail.com> wrote:

> tcpreplay sends what is in the pcap.  Exactly.  Nothing more, nothing
> less.  If it's valid, then it sends valid.  If it's invalid, then it
> sends invalid.
> --
> Aaron Turner
> https://synfin.net/         Twitter: @synfinatic
> My father once told me that respect for the truth comes close to being
> the basis for all morality.  "Something cannot emerge from nothing,"
> he said.  This is profound thinking if you understand how unstable
> "the truth" can be.  -- Frank Herbert, Dune
>
>
> On Wed, Oct 25, 2017 at 5:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> > I see. Thanks. Then back to my first question, is tcpreplay capable of
> > sending out valid IP packets? For this to work I imagine it may have to
> > invoke ARP resolution to figure out the MAC address to send to, and modify
> > the ethernet header accordingly.
> >
> > From our conversation so far, it looks like the chance is slim..
> >
> > On Wed, Oct 25, 2017 at 10:59 AM, Aaron Turner <synfina...@gmail.com> wrote:
> >>
> >> "it depends".  generally speaking, not all tcpprep splitting options
> >> work on client vs. server so it's kinda generic which is why you'll
> >> see a lot of phrases like PRIMARY and SECONDARY.  you can always use
> >> tcpprep -I <cachefile> to see how things are going to get sent.
> >>
> >>
> >> On Wed, Oct 25, 2017 at 10:16 AM, Zhao Lin <zlbingham...@gmail.com> wrote:
> >> > Haha. Those are in fact real IP's that I configured for the two NIC's, just
> >> > so the packets can be routed by the router ... The way I am doing it right
> >> > now works, BTW.
> >> >
> >> > To swap the two ports like this I would also need to swap the ports in
> >> > tcprewrite. This essentially makes no difference to me. What I'd like to
> >> > know is, will the first interface specified on the commands ALWAYS be used
> >> > as client, and the second as server?
> >> >
> >> > Thanks,
> >> >
> >> > On Wed, Oct 25, 2017 at 6:53 AM, Aaron Turner <synfina...@gmail.com> wrote:
> >> >>
> >> >> Ok, when I saw $PORT_0_IP and $PORT_1_IP I thought you meant the
> >> >> actual configured IP's on those NIC's.
> >> >>
> >> >> Honestly, been years since I've looked at that code/docs.  If you use
> >> >> --intf1=$PORT_1 --intf2=$PORT_0 does it do what you want?
> >> >>
> >> >>
> >> >> On Tue, Oct 24, 2017 at 11:12 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> >> >> > Both client and server reside in a single machine where tcpreplay plays
> >> >> > client traffic through one interface/port, and server traffic through
> >> >> > another. I don't care how these packets get handled, meaning I don't care
> >> >> > what the IP payloads of these packets are, in fact I'll dedicate these two
> >> >> > ports to tcpreplay only, and probably configure iptables to drop all
> >> >> > incoming packets on both ports. My only purpose for this replay is to get
> >> >> > the two way traffic running through router or some other device on the
> >> >> > route ...
> >> >> >
> >> >> > On Tue, Oct 24, 2017 at 10:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
> >> >> >>
> >> >> >> The problem is if tcpreplay sends the packets to a live IP address,
> >> >> >> the underlying IP stack isn't going to deal with the TCP seq/ack
> >> >> >> numbers sent by tcpreplay because the host is going to select a random
> >> >> >> initial sequence number.
> >> >> >>
> >> >> >> Tcpreplay is really only useful when faking hosts on the network. Ie:
> >> >> >> the IP addresses can't be in use by any host.
> >> >> >>
> >> >> >>
> >> >> >> On Tue, Oct 24, 2017 at 10:16 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> >> >> >> > Thanks for prompt reply!
> >> >> >> >
> >> >> >> > From my understanding tcpliveplay initiates a new connection to the server
> >> >> >> > and compares the flow to make sure it goes like the pcap file. This isn't
> >> >> >> > what I want. I want to replay the packets in a given pcap file mostly as
> >> >> >> > they are between the two ports of a machine, so one port will act as client
> >> >> >> > and the other as server, and by replacing IP addresses of these packets (and
> >> >> >> > mac addresses) I make sure these packets can be properly routed through
> >> >> >> > routers and possibly some other middle devices.
> >> >> >> >
> >> >> >> > Let me know if I wasn't clear. Do you have any insight about my two
> >> >> >> > questions?
> >> >> >> >
> >> >> >> > Thanks!
> >> >> >> >
> >> >> >> > On Tue, Oct 24, 2017 at 6:43 PM, Aaron Turner <synfina...@gmail.com> wrote:
> >> >> >> >>
> >> >> >> >> your traffic is TCP.  You can't use tcpreplay.  You'll have to use
> >> >> >> >> tcpliveplay.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> On Tue, Oct 24, 2017 at 4:37 PM, Zhao Lin <zlbingham...@gmail.com> wrote:
> >> >> >> >> > Hi,
> >> >> >> >> >
> >> >> >> >> > What I am trying to do is, set up two ports on a single machine, each port
> >> >> >> >> > with its own IP address from different subnets. Then take a pcap file,
> >> >> >> >> > rewrite IP addresses of each packet to be between these two ports, and
> >> >> >> >> > replay, hoping the packets from one port will be routed accordingly and
> >> >> >> >> > reach the other port.
> >> >> >> >> >
> >> >> >> >> > 1. Given IP address, netmask and gateway address for each port, is it
> >> >> >> >> > possible to just rewrite the IP address of each packet, possibly drop the
> >> >> >> >> > layer 2 header, and let the tcpreplay utility automatically do ARP
> >> >> >> >> > resolution and rewrite/fill in the layer 2 header?
> >> >> >> >> >
> >> >> >> >> > I don't really expect tcpreplay to be able to do this, and didn't find any
> >> >> >> >> > information online, but I would like a confirmation.
> >> >> >> >> >
> >> >> >> >> > 2. At the moment I do the following for layer 3 replay:
> >> >> >> >> >
> >> >> >> >> > # Split traffic based on the source/destination ports and populate the
> >> >> >> >> > # cache file
> >> >> >> >> > tcpprep --port --cachefile="$CACHE_FILE" --pcap="$PCAP_FILE"
> >> >> >> >> >
> >> >> >> >> > # Rewrite source/destination IP addresses
> >> >> >> >> > tcprewrite --endpoints="$PORT_0_IP:$PORT_1_IP" --cachefile="$CACHE_FILE" \
> >> >> >> >> >     --infile="$PCAP_FILE" --outfile="$TMP_PCAP_1"
> >> >> >> >> >
> >> >> >> >> > # Rewrite destination mac addresses to the gateway so they can be routed
> >> >> >> >> > # correctly
> >> >> >> >> > tcprewrite --enet-dmac="$PORT_0_GATEWAY_MAC,$PORT_1_GATEWAY_MAC" \
> >> >> >> >> >     --cachefile="$CACHE_FILE" --infile="$TMP_PCAP_1" --outfile="$TMP_PCAP_2"
> >> >> >> >> >
> >> >> >> >> > # Replay
> >> >> >> >> > tcpreplay --intf1="$PORT_0" --intf2="$PORT_1" --cachefile="$CACHE_FILE" \
> >> >> >> >> >     "$TMP_PCAP_2"
> >> >> >> >> >
> >> >> >> >> > Note the order I specify ports in these commands: I always specify
> >> >> >> >> > PORT_0 before PORT_1. From what I read online, seems the first port being
> >> >> >> >> > specified will be used as the server, this, however, is contradictory to my
> >> >> >> >> > tests, in which PORT_0 will be used as client as shown in one of many such
> >> >> >> >> > packets:
> >> >> >> >> >
> >> >> >> >> > 3 1.559392574 60 172.20.110.231 → 172.20.124.243 TCP 64287 → https(443) [ACK] Seq=1 Ack=1 Win=65535 Len=0 eth:ethertype:ip:tcp
> >> >> >> >> >
> >> >> >> >> > 172.20.110.231 is the $PORT_0_IP. Did I miss anything?
> >> >> >> >> >
> >> >> >> >> > Many thanks,
> >> >> >> >> > Zhao
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
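
The interface question in this thread comes down to how tcpprep's port mode labels each packet. As an added illustration (not code from the thread or from the tcpreplay project), this Python model applies the documented default rule, destination port 0-1023 means client-to-server (primary, sent via --intf1) and anything else is secondary (sent via --intf2), to constructed frames; the function names, the PORT_0/PORT_1 defaults and the port-8080 flow are assumptions.

```python
import socket
import struct

SERVER_PORT_MAX = 1023  # assumed default: tcpprep --port treats 0-1023 as server ports

def frame(src, sport, dst, dport, proto=6):
    """Constructed Ethernet/IPv4 frame carrying a TCP (6) or UDP (17) port pair."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16

def classify(pkt):
    """Return (src, sport, dst, dport, direction), or None if not IPv4 TCP/UDP."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4
    if ihl < 20 or pkt[23] not in (6, 17) or len(pkt) < 14 + ihl + 4:
        return None
    src, dst = (socket.inet_ntoa(pkt[o:o + 4]) for o in (26, 30))
    sport, dport = struct.unpack("!HH", pkt[14 + ihl:18 + ihl])
    # Only the destination port decides: headed to a server port = sent by the client.
    direction = "primary" if dport <= SERVER_PORT_MAX else "secondary"
    return src, sport, dst, dport, direction

def replay_plan(packets, intf1="PORT_0", intf2="PORT_1"):
    """Attach the tcpreplay output interface: primary -> intf1, secondary -> intf2."""
    rows = [r for r in map(classify, packets) if r is not None]
    return [r + (intf1 if r[4] == "primary" else intf2,) for r in rows]

def one_sided_flows(plan):
    """Flows seen in both directions whose packets all leave on one interface."""
    flows = {}
    for src, sport, dst, dport, _, intf in plan:
        key = frozenset([(src, sport), (dst, dport)])
        flows.setdefault(key, {})[(src, sport)] = intf
    return [sorted(k) for k, v in flows.items()
            if len(v) == 2 and len(set(v.values())) == 1]

SAMPLE = [  # constructed: the thread's 64287 -> 443 flow plus a port-8080 flow
    frame("172.20.110.231", 64287, "172.20.124.243", 443),
    frame("172.20.124.243", 443, "172.20.110.231", 64287),
    frame("172.20.110.231", 50000, "172.20.124.243", 8080),
    frame("172.20.124.243", 8080, "172.20.110.231", 50000),
]
print(*replay_plan(SAMPLE), one_sided_flows(replay_plan(SAMPLE)), sep="\n")
```

Under this rule a flow whose server listens on a port above 1023 has both directions marked secondary, so nothing for it leaves the first interface; `tcpprep -I <cachefile>`, mentioned in the thread, shows what the real cache file decided.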
