Actually, I have a better way... Basically you can do multiple maps with a single portmap argument, but you're limited in your shell for the maximum length of a command. To get around that limitation, use a config file.
Your config file would look something like this: [TCPREWITE] portmap 0:50001,1:50001,2:50001,3:50001,4:50001... then run: tcprewrite -i in.pcap -o out.pcap --load-opts=config.file 2010/1/14 Aaron Turner <[email protected]>: > Well I don't know when I'll have time to add any "any" match feature > to portmap... (a few days at least) so if you have some C skills that > might be the solution... otherwise, just let it run overnight. > > 2010/1/14 <[email protected]>: >> yep, it's a way to do it, i was thinking about it, ... but trace is a 10GB >> file ... >> >> W dniu Aaron Turner <[email protected]> napisał(a): >>> Unfortunately tcprewrite doesn't do that right now. Your best bet is >>> >>> to use a loop sorta like this (untested, may have bugs, but you'll get >>> >>> the idea): >>> >>> >>> >>> i=0 >>> >>> while [ $i -lt 65535 ] ; do >>> >>> tcprewrite --portmap=$i:8080 -i in.pcap -o out.pcap >>> >>> mv out.pcap in.pcap >>> >>> i=$(( $I + 1)) >>> >>> done >>> >>> >>> >>> -Aaron >>> >>> >>> >>> 2010/1/14 [email protected]>: >>> >>> > Yes, I know, but how to rewrite all port numbers to a specific one? >>> >>> > --portmap=80:8080 is one to one, but i need --portmap=all:8080. >>> >>> > >>> >>> > W dniu Aaron Turner [email protected]> napisał(a): >>> >>> >> On Thu, Jan 14, 2010 at 3:56 AM, Szymon Muchajer >>> >>> >> >>> >>> >> [email protected]> wrote: >>> >>> >> >>> >>> >> > >>> >>> >> >>> >>> >> > Hello! >>> >>> >> >>> >>> >> > >>> >>> >> >>> >>> >> > I have a pcap dump file with trace from some backbone link. I need to >>> >>> >> > resend >>> >>> >> >>> >>> >> > it between two computers, but I need it to be sent from specific >>> >> > source >>> >>> >> > IP >>> >>> >> >>> >>> >> > address and port to a specific IP address and the same port. The >>> >>> >> > direction >>> >>> >> >>> >>> >> > of traffic in trace doesn't matter for me. I just need it all to be >>> >> > from >>> >>> >> >>> >>> >> > e.g. 192.168.20.20:50001 to 192.168.20.21:50001. >>> >>> >> >>> >>> >> > I know how to change IP addresses, but have no idea how to change ALL >>> >>> >> > ports >>> >>> >> >>> >>> >> > to one specific. >>> >>> >> >>> >>> >> > Till now i'm preparing cache file from trace with --regex="" and then >>> >>> >> > just >>> >>> >> >>> >>> >> > rewrite with --endpoint. >>> >>> >> >>> >>> >> > Could you help me somehow? >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> You can rewrite port numbers via the --portmap option. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> Aaron Turner >>> >>> http://synfin.net/ >>> >>> http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & >>> Windows >>> >>> Those who would give up essential Liberty, to purchase a little temporary >>> >>> Safety, deserve neither Liberty nor Safety. >>> >>> -- Benjamin Franklin >>> >>> "carpe diem quam minimum credula postero" >>> > > > > -- > Aaron Turner > http://synfin.net/ > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & > Windows > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > "carpe diem quam minimum credula postero" > -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
