If you want to test a NIDS, why are you running your own TCP/UDP server(s)? Just let tcpreplay do its thing.
Or maybe use tcpreplay to generate background traffic and use a DDoS tool to attack a server? Maybe I'm misunderstanding what you're trying to do, but just realize that tcpreplay can't do TCP 3 way handshakes to a real server or anything like that. Flowreplay can sorta do it, but it's pretty alpha quality and is probably going to not work well at all with those large/random datasets.

--
Aaron Turner
https://synfin.net/ Twitter: @synfinatic
My father once told me that respect for the truth comes close to being the basis for all morality. "Something cannot emerge from nothing," he said. This is profound thinking if you understand how unstable "the truth" can be. -- Frank Herbert, Dune

On Mon, Jan 13, 2020 at 12:51 PM esoteric escape <manip...@gmail.com> wrote:
>
> Yes, I want to test NIDS. It has to detect a flood attack in the traffic
> simulation. I guess I'll need to use flowreplay because about 80% of traffic
> would be TCP. Just to be clear, by preprocessing it means that I'll need to
> remove the SYN+ACKs and ACKs and keep the SYN packets only since the server
> is going to send them, or will they be taken care of? I suppose I'll be
> running my own TCP servers and UDP servers or the tool can manage them to
> intercept traffic?
>
> Thank you very much!
>
> On Mon, Jan 13, 2020 at 11:44 PM Aaron Turner <synfina...@gmail.com> wrote:
>>
>> If you just want to replay packets, then yeah, that's what tcpreplay does.
>>
>> As for the DUT - it's really about how it processes the packets.
>>
>> For example: let's say you wanted to use tcpreplay to test a
>> webserver. I'd tell you "sorry, tcpreplay can't help with that"
>> because it's sending the traffic exactly as stored in the pcap and
>> that won't work with live TCP servers. flowreplay might be able to
>> help with that, but I seriously doubt it will work with the
>> Bigflow/CAIDA data sets - at least not without a lot of pre-processing
>> to clean them up.
>>
>> If you wanted to test a NIDS, then that's easy. If you wanted to test
>> an inline device (a switch or router for example) then things are a
>> little more complicated because you need to split the client/server
>> traffic in order to test traffic _through_ the device because it
>> expects the client and server to be on different Ethernet ports.
>>
>> On Mon, Jan 13, 2020 at 10:06 AM esoteric escape <manip...@gmail.com> wrote:
>> >
>> > I suppose DUT refers to my operating system and network devices included.
>> > I am using Linux (Ubuntu LTS) with network simulation software where I
>> > create a topology with L2/L3 switches and a couple of hosts. My goal is to
>> > replay the dataset traffic which may contain TCP/UDP/ICMP etc. packets. I
>> > was able to replay the dataset. In order for the traffic to reach a
>> > destination server in the topology, I remapped every packet to point to its
>> > destination and also changed all the fields to the source. Is this what I
>> > should do?
>> >
>> > Next, I am thinking if I should also change the TCP/UDP ports to actually
>> > make communication with the server. I am looking for advice in this
>> > regard, if it's needed to make tcpreplay work and simulate properly.
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
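
The client/server split that the quoted reply describes for inline devices, sketched as an added example; it is not part of the original thread and not tcpreplay's own code. The heuristic (the destination of a bare SYN and the source of a SYN+ACK are servers) and the names `frame`, `parse` and `split_sides` are assumptions made for this sketch, and the packets are constructed.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def frame(src, dst, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (ports and checksums are dummies)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse(pkt):
    """Return (src, dst, tcp_flags) for an IPv4/TCP frame, else None."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None
    ihl = (pkt[14] & 0x0F) * 4
    if ihl < 20 or len(pkt) < 14 + ihl + 14:
        return None
    return socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]), pkt[14 + ihl + 13]

def split_sides(packets):
    """Label each packet 'client', 'server' or 'unknown' for two-port replay."""
    parsed = [parse(p) for p in packets]
    servers = set()
    for p in parsed:                      # pass 1: learn servers from handshakes
        if p and p[2] & SYN:
            servers.add(p[0] if p[2] & ACK else p[1])
    sides = []
    for p in parsed:                      # pass 2: pick a side per packet
        if p and p[1] in servers and p[0] not in servers:
            sides.append("client")
        elif p and p[0] in servers and p[1] not in servers:
            sides.append("server")
        else:
            sides.append("unknown")       # no handshake seen, non-TCP, or ambiguous
    return sides

# Constructed sample, not taken from any real capture.
SAMPLE = [
    frame("10.0.0.5", "192.0.2.10", SYN),        # client opens
    frame("192.0.2.10", "10.0.0.5", SYN | ACK),  # server answers
    frame("10.0.0.5", "192.0.2.10", ACK),        # client completes handshake
    frame("10.0.0.7", "10.0.0.8", ACK),          # mid-stream, handshake not captured
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,   # ARP-sized non-IP frame
]

if __name__ == "__main__":
    for side in split_sides(SAMPLE):
        print(side)
```

Packets that come back as `unknown` are the ones a capture without complete handshakes leaves unassigned, which is where the pre-processing mentioned in the thread comes in.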