On Mon, May 26, 2008 at 2:11 PM, Piers O'Hanlon <[EMAIL PROTECTED]> wrote:
> Hi again,
>
> On Wed, May 21, 2008 at 7:25 PM, Aaron Turner <[EMAIL PROTECTED]> wrote:
>> On Wed, May 21, 2008 at 10:14 AM, Piers O'Hanlon <[EMAIL PROTECTED]> wrote:
>>> I guess arbitrary adjustments to fields/bytes (maybe just byte counts
>>> within a packet would be nice) -
>>
>> For example???? Not trying to be difficult, but I'm trying to
>> understand the scope of the problem. Perhaps more importantly, are
>> we talking L2-L4 headers or TCP stream payload data? Do you need the
>> payload stream reassembled (TCP segments, IP frags)?
>>
>> Also, what do you mean by "byte counts within a packet"? Not sure how
>> that is different from the pad/truncate functionality tcprewrite
>> already has.
>>
> Sorry I didn't explain clearly - I meant that for example - I would
> like to be able to replace
> the 32nd byte in the packet with an arbitrary number - this could
> dependent on the value of
> another byte (or sequence). Handier still would be if there was a way
> (like tshark allows for
> display) to access particular bytes within predefined payload type by
> name (as opposed to
> byte counting to the right byte within a packet). I guess checksum
> would need recalculating.
> E.g if I've got a bunch of RTP packets stored and I want to, say tweak
> some bits in the header or
> payload.
Yeah, that seems to be the holy grail... something like:
while (packet = tcpedit.get_next_packet()) {
if (packet.ip.proto == 6 and packet.tcp.dst_port == 80 and
packet.tcp.payload.matches(/^GET \/(.*) HTTP\/1.\d$/)) {
packet.tcp.payload.replace($1, "/some_new_url.html")
}
packet.update_checksums()
tcpedit.write_packet(packet)
}
[snip]
>> Like one feature I'm thinking about is a graphical wizard (most likely
>> a webapp since I don't know QT/GTK/Fox or any other widget library and
>> my UI skills frankly suck ass) which basically walks people through a
>> bunch of questions and spits out a config file for
>> tcpprep/tcprewrite/tcpreplay. Based on most of the questions on this
>> list, I think such a tool would be really helpful for a lot of people
>> and make tcpreplay useful to a wider userbase.
>>
> Maybe - I guess the kind of people who want to replay tcpdump streams
> tend to know a bit more about what they're doing than the average user.
I used to think that was true, but I've learned there is a sizable
group of users who are just getting started and don't have a deep
understanding of networking or protocols.
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Tcpreplay-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
