Thanks for the quick response Aaron, unfortunately I can't send you the pcap I used as I don't have permission. I found a work around anyway, which was to classify the traffic the wrong way round and then swap the client and server using the -c flag and specifying the netmask of the server (or client depending on how you look at it). As a request for future enhancements, for me it would be really helpful to be able to split traffic based on client netmasks rather than server, as the traffic I have is local traffic accessing the internet, so the clients are a lot easier to specify than the server. If that's a simple change you could slip in some time, it would be greatly appreciated! Thanks,
Cliff. ---------------------------------------- > Date: Thu, 7 Feb 2008 08:48:47 -0800 > From: [EMAIL PROTECTED] > To: [email protected] > Subject: Re: [Tcpreplay-users] tcp prep classification problems > > Hey Clifford, > > Can you send me a pcap? Hard to diagnose the problem without being > able to reproduce it. > > Thanks, > Aaron > > On Feb 7, 2008 1:27 AM, Clifford Bailey wrote: >> >> Hi, >> >> I'm a new user of tcpreplay. I am trying to use it to test a firewall, much >> as in the example you have on the site. The problem I have is that tcpprep >> seems to be classifying my traffic the wrong way round consistently. I tried >> just swapping over the values for server and client, but tcpreplay then >> sends out the client traffic after the server traffic, so I get my ack >> before my request, which the firewall doesn't like very much! I am using the >> following script to generate the pcap file: >> >> tcpprep -i ${CAP_UNICAST} -p -o ${CACHE} >> >> # rewrite -- works but server and client the wrong way round >> tcprewrite -c ${CACHE} --enet-dmac=${FW_MAC_EXT},${FW_MAC_INT} >> --enet-smac=${SERVER_MAC},${CLIENT_MAC} >> --endpoints=${SERVER_IP}:${CLIENT_IP} -i ${CAP_UNICAST} -o ${PCAPOUT} >> >> If I then view the pcap file created, the macs assigned are all the wrong >> way round. I tried just swapping over the macs, which works to a point, in >> that the pcap file then looks right, but it seems that because the traffic >> has been classified as server/client tcpreplay sends it in a specific order, >> rather than the order on the file. >> >> (I run replay with the command: tcpreplay -M 100 -l 0 -i $SERVER_INT -I >> $CLIENT_INT -c $CACHE $PCAPOUT). I've read and re-read the man pages, and as >> far as I can see this is correct, however I could well have made a mistake. >> Is it glaringly obvious to anyone what I've done wrong? >> Thanks, >> >> Cliff. > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Tcpreplay-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users _________________________________________________________________ Get Hotmail on your mobile, text MSN to 63463! http://mobile.uk.msn.com/pc/mail.aspx ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
