Hi,

You can do this in scapy. I wrote a procedure to do it. It only fixes the headers: if any packet data contains IP addresses embedded in the payload, it won't rewrite those.

Because IPv6 headers are larger than IPv4 headers (40 bytes versus 20 without options), any packets that are already at the MTU will exceed it after conversion. I have also attached a procedure to truncate the packets larger than 1500.

 Here is the code.

def ipnumber(ip):
    """Return the dotted-decimal string *ip* as a single integer.

    Trailing whitespace is stripped first. The fields are folded left to
    right, eight bits at a time, so the first field ends up most
    significant. No range or field-count check is done; a non-numeric
    field raises ValueError from int().
    """
    total = 0
    for field in ip.rstrip().split('.'):
        total = (total << 8) + int(field)
    return total

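def convertV4toV6(pcapname, outpcap):
    """Rewrite the IPv4 packets of *pcapname* as IPv6 and save them to *outpcap*.

    Each IPv4 header is replaced by an IPv6 header whose addresses are the
    fixed prefix ``2011::1:`` followed by the 32-bit IPv4 address written as
    two zero-padded hex groups. Only headers are translated: IPv4 addresses
    carried inside payloads are left untouched.

    Nothing is written when the capture already holds an IPv6 packet or when
    any IPv4 packet is a fragment. Frames without an IPv4 layer (ARP, for
    example) are left out of the output.

    Relies on ipnumber() from this listing and on the scapy names rdpcap,
    wrpcap, Ether, IP, IPv6, TCP, UDP and Padding being in scope (for example
    through ``from scapy.all import *``); the listing shows no import.
    """
    packets = rdpcap(pcapname)
    converted = []
    for i, pkt in enumerate(packets):
        # A capture that already contains IPv6 is not converted at all.
        if pkt.haslayer(IPv6):
            return
        # The original indexed pkt[IP] unconditionally, which raises on
        # frames without an IPv4 layer; skip them instead.
        if not pkt.haslayer(IP):
            continue
        # Fragments are not supported. scapy numbers the IPv4 flag bits
        # MF=1, DF=2, reserved=4, so the original test `flags == 4` matched
        # the reserved bit and let first fragments (MF set, offset 0) pass.
        if int(pkt[IP].flags) & 1 or pkt[IP].frag != 0:
            print("Do not support Fragment at this time, packet " + str(i) + " failed")
            return

        stamp = pkt.time

        # Zero-pad to eight hex digits. The original sliced the output of
        # hex(), which drops leading zeros, so 10.0.0.1 became 'a000:001'
        # instead of '0a00:0001'.
        srchex = '%08x' % ipnumber(pkt[IP].src)
        dsthex = '%08x' % ipnumber(pkt[IP].dst)
        # NOTE: 2011::1: sits in global unicast space (2000::/3). If the
        # output is replayed anywhere other than an isolated lab network,
        # a documentation prefix such as 2001:db8::/32 (RFC 3849) is safer.
        v6src = '2011::1:' + srchex[0:4] + ':' + srchex[4:8]
        v6dst = '2011::1:' + dsthex[0:4] + ':' + dsthex[4:8]

        # Drop the stored checksums and length so scapy fills them in again
        # when the packet is built; the TCP/UDP checksum covers the IP
        # addresses, which change here.
        if pkt.haslayer(TCP):
            del pkt[TCP].chksum
        if pkt.haslayer(UDP):
            del pkt[UDP].chksum
        del pkt[IP].chksum
        del pkt[IP].len

        if pkt.haslayer(Padding):
            del pkt[Padding]
            # The IPv6 header length is 40. Payloads shorter than six bytes
            # are padded back up with ASCII '0' characters, presumably to
            # reach the 60-byte minimum Ethernet frame (14 + 40 + 6).
            if len(pkt[IP].payload) < 6:
                filler = b'0' * (6 - len(pkt[IP].payload))
                pkt = pkt / Padding(load=filler)

        # nh reuses the IPv4 protocol number unchanged.
        # NOTE(review): ICMP (protocol 1) is not valid over IPv6, so ICMPv4
        # packets would need translating to ICMPv6; that is not handled here.
        v6pkt = (Ether(src=pkt[Ether].src, dst=pkt[Ether].dst, type=0x86dd)
                 / IPv6(nh=pkt[IP].proto, src=v6src, dst=v6dst)
                 / pkt[IP].payload)
        v6pkt.time = stamp
        converted.append(v6pkt)

    wrpcap(outpcap, converted)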

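def TruncateV6Data(pcapname):
    """Trim oversized IPv6 packets in *pcapname* and rewrite the file in place.

    Frames longer than 1500 bytes have their Raw payload cut to 1426 bytes
    (TCP) or 1438 bytes (UDP). Those limits give a 1500-byte frame for a
    14-byte Ethernet header, a 40-byte IPv6 header and a 20-byte TCP or
    8-byte UDP header; a TCP header carrying options will still come out
    longer. Checksums and length fields are deleted so scapy recomputes
    them when the packets are written.

    Caveats: the input file is overwritten, so keep a copy of the original
    capture. TCP sequence numbers of later segments are not adjusted, so a
    truncated stream will show gaps to the receiver.

    Expects the scapy names rdpcap, wrpcap, Raw, TCP, UDP and IPv6 to be in
    scope; the listing shows no import.
    """
    packets = rdpcap(pcapname)
    for pkt in packets:
        # The original indexed pkt[Raw] and pkt[IPv6] unconditionally, so a
        # single frame lacking either layer aborted the whole run.
        if len(pkt) > 1500 and pkt.haslayer(Raw):
            if pkt.haslayer(TCP):
                pkt[Raw].load = pkt[Raw].load[0:1426]
                del pkt[TCP].chksum
            if pkt.haslayer(UDP):
                pkt[Raw].load = pkt[Raw].load[0:1438]
                del pkt[UDP].chksum
                del pkt[UDP].len
        # Payload length is cleared on every IPv6 packet, truncated or not.
        if pkt.haslayer(IPv6):
            del pkt[IPv6].plen
    wrpcap(pcapname, packets)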



On 02/03/2012 09:27 AM, Anderson Tang wrote:
Dear All,

We need a tool that can convert IPv4 Pcap into IPv6 Pcap. (Or replay IPv4 Pcap as IPv6 traffic)

Can tcpreplay/tcprewrite support that?  (I tried but failed!)

Or do you know any other tools can achieve that?

Best Regards