I take it back. The rewrite is running, but the IP layer is not getting 
rewritten. Then the MAC layer is rewritten just fine.

The resulting capture with the wrong IP number fails to replay correctly.

[root@replay-02 tmp]# tcpdump -e -nn -tqr cap.pcap
reading from file cap.pcap, link-type LINUX_SLL (Linux cooked)
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
  P 02:1a:c5:02:00:00 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 1380
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 458
  P 02:1a:c5:02:00:00 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
  P 02:1a:c5:02:00:00 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
  P 02:1a:c5:01:00:00 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
[root@replay-02 tmp]# tcprewrite --dlt=enet --enet-vlan=del --pnat=1.1.233.209/32:192.168.129.1/32,1.2.176.1/32:192.168.1.1/32 --infile=cap.pcap --outfile=NORMAL.cap -v
reading from file -, link-type EN10MB (Ethernet)
09:38:07.877834 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:07.879223 02:1a:c5:02:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:07.880207 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:07.883955 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 1422
09:38:07.885953 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 500
09:38:07.887592 02:1a:c5:02:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:08.020501 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:08.022390 02:1a:c5:02:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
09:38:08.023499 02:1a:c5:01:00:00 Null > 00:03:00:01:00:06 Unknown DSAP 0x08 Supervisory, Receiver not Ready, rcv seq 0, Flags [Command], length 48
[root@replay-02 tmp]# tcpdump -e -nn -tqr NORMAL.cap
reading from file NORMAL.cap, link-type EN10MB (Ethernet)
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 1434: 1.1.233.209.23588 > 1.2.176.1.80: tcp 1380
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 512: 1.1.233.209.23588 > 1.2.176.1.80: tcp 458
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.2.176.1.80 > 1.1.233.209.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 1.1.233.209.23588 > 1.2.176.1.80: tcp 0
[root@replay-02 tmp]#

If I rewrite NORMAL.cap again, using the same options, it works.

[root@replay-02 tmp]# tcprewrite --dlt=enet --enet-vlan=del --pnat=1.1.233.209/32:192.168.129.1/32,1.2.176.1/32:192.168.1.1/32 --infile=NORMAL.cap --outfile=NORMAL2.cap -v
reading from file -, link-type EN10MB (Ethernet)
09:38:07.877834 IP 1.1.233.209.23588 > 1.2.176.1.http: S 1097483548:1097483548(0) win 16384
09:38:07.879223 IP 1.2.176.1.http > 1.1.233.209.23588: S 2266378423:2266378423(0) ack 1097483549 win 16384
09:38:07.880207 IP 1.1.233.209.23588 > 1.2.176.1.http: . ack 1 win 16384
09:38:07.883955 IP 1.1.233.209.23588 > 1.2.176.1.http: P 1:1381(1380) ack 1 win 16384
09:38:07.885953 IP 1.1.233.209.23588 > 1.2.176.1.http: P 1381:1839(458) ack 1 win 16384
09:38:07.887592 IP 1.2.176.1.http > 1.1.233.209.23588: . ack 1839 win 16384
09:38:08.020501 IP 1.1.233.209.23588 > 1.2.176.1.http: F 1839:1839(0) ack 1 win 16384
09:38:08.022390 IP 1.2.176.1.http > 1.1.233.209.23588: F 1:1(0) ack 1840 win 16384
09:38:08.023499 IP 1.1.233.209.23588 > 1.2.176.1.http: . ack 2 win 16384
[root@replay-02 tmp]# tcpdump -e -nn -tqr NORMAL2.cap
reading from file NORMAL2.cap, link-type EN10MB (Ethernet)
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.129.1.23588 > 192.168.1.1.80: tcp 0
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.1.1.80 > 192.168.129.1.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.129.1.23588 > 192.168.1.1.80: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 1434: 192.168.129.1.23588 > 192.168.1.1.80: tcp 1380
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 512: 192.168.129.1.23588 > 192.168.1.1.80: tcp 458
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.1.1.80 > 192.168.129.1.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.129.1.23588 > 192.168.1.1.80: tcp 0
02:1a:c5:02:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.1.1.80 > 192.168.129.1.23588: tcp 0
02:1a:c5:01:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.129.1.23588 > 192.168.1.1.80: tcp 0
[root@replay-02 tmp]#

_______________________________________________
Tcpreplay-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
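
A check that can be run on a rewritten capture before replaying it, added here as an example; it is not part of the original post or of tcpreplay. It reads a classic (microsecond) pcap with a LINUX_SLL or untagged Ethernet link layer and lists any addresses that still match the left-hand side of the --pnat string from the post. The function names are hypothetical and the three captures are constructed stand-ins for cap.pcap, NORMAL.cap and NORMAL2.cap.

```python
import ipaddress
import struct

DLT_EN10MB, DLT_LINUX_SLL = 1, 113
L2_LEN = {DLT_EN10MB: 14, DLT_LINUX_SLL: 16}  # header sizes without a VLAN tag

def old_networks(pnat_spec):
    """Left-hand ("old") networks of an 'old:new,old:new' --pnat style string."""
    return [ipaddress.ip_network(item.split(":")[0]) for item in pnat_spec.split(",")]

def ipv4_endpoints(pcap):
    """Yield (src, dst) for each IPv4 packet in a classic pcap byte string."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    l2 = L2_LEN[struct.unpack(end + "I", pcap[20:24])[0]]
    pos = 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        pkt = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        # Both link types keep the EtherType in the last 2 bytes of the header.
        if len(pkt) >= l2 + 20 and pkt[l2 - 2:l2] == b"\x08\x00":
            yield (ipaddress.ip_address(pkt[l2 + 12:l2 + 16]),
                   ipaddress.ip_address(pkt[l2 + 16:l2 + 20]))

def unrewritten(pcap, pnat_spec):
    """Addresses still inside an old network; an empty list means pnat was applied."""
    olds = old_networks(pnat_spec)
    return sorted({str(a) for pair in ipv4_endpoints(pcap) for a in pair
                   if any(a in net for net in olds)})

def build_pcap(linktype, flows):
    """Constructed sample: one bare IPv4 header per (src, dst) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for src, dst in flows:
        pkt = (bytes(L2_LEN[linktype] - 2) + b"\x08\x00" + b"\x45" + bytes(11)
               + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed)
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

PNAT = "1.1.233.209/32:192.168.129.1/32,1.2.176.1/32:192.168.1.1/32"
# Constructed stand-ins for cap.pcap, NORMAL.cap and NORMAL2.cap from the post.
CAP = build_pcap(DLT_LINUX_SLL, [("1.1.233.209", "1.2.176.1")])
NORMAL = build_pcap(DLT_EN10MB, [("1.1.233.209", "1.2.176.1")])
NORMAL2 = build_pcap(DLT_EN10MB, [("192.168.129.1", "192.168.1.1")])

if __name__ == "__main__":
    for name, data in (("NORMAL.cap", NORMAL), ("NORMAL2.cap", NORMAL2)):
        left = unrewritten(data, PNAT)
        print(name, "OK" if not left else "still contains " + ", ".join(left))
```

To check a real file, pass its contents (read in binary mode) to `unrewritten` together with the same --pnat string given to tcprewrite.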
