On Wed, Apr 30, 2008 at 4:02 PM, Mohamed Kouki <[EMAIL PROTECTED]> wrote: > gi Aaron thanks fo your help > i have alredy read the documentation > i'm testing a firewall now (on transparent mode) , the problem is that > tcpreplay is sending all the packets and i just want to transmit pasckets in > one direction > another question plz , can i run tcpreplay between two machines or i should > run it on a single machine between two interfaces ? > thanks a lot
I don't see how you can possibly test a firewall by only sending one side of the traffic. Most firewalls nowadays have some basic state tracking for things like TCP 3way handshakes and the like. I've documented how to test a firewall or other transparent device with tcpreplay here: http://tcpreplay.synfin.net/trac/wiki/usage#PassingTrafficThroughanIPSTransparentDevice If running in port split mode doesn't work for you (you have services running on high ports) there are a bunch of other ways to split traffic which is documented here: http://tcpreplay.synfin.net/trac/wiki/tcpprep#BasicUsage One other thing: there's a limitation with tcpprep that you can't run it and ONLY exclude packets. So if you just remove certain packets as a first step, I would use tcpdump: tcpdump -r old.pcap -s0 -w new.pcap <BPF filter matching traffic to send> that will create a new pcap with only the packets you want. You can then use that pcap with tcpprep, tcpreplay, etc. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
