[Openpacket-devel] easy way to fix checksums/rewrite IP's
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
[Openpacket-devel] easy way to fix checksums/rewrite IP's
|
From: Aaron T. <syn...@gm...> - 2006-09-14 21:54:25
|
Sorry for not replying to the thread directly, but I just subscribed to the list... Anyways, tcpreplay already fixes checksums L3/L4 in pcap files as well as pesudo-randomizing the IP addresses contained within (note, only supports doing so for IPv4 and at layer 3, so don't expect it to fix them in a FTP PORT command or in a HTTP Host header). I'd recommend grabbing v2.3.5 (the 3.0 beta series is a bit buggy right now). An example usage would be: sudo ./tcpreplay -F -s 367 -i en0 -w out.pcap -R in.pcap If you're feeling lucky, grab 3.0.beta11 and use tcprewrite: tcprewrite --seed=423 --infile=input.pcap --outfile=output.pcap The big advantage of tcprewrite, is that it doesn't require running as root and is a little more intelligent (it'll update IPv4 addresses in ARP packets for example). It will also someday gracefully handle non-Ethernet captures. http://tcpreplay.synfin.net/ Anyways, glad to see that work is finally being done on openpacket. I'm particularly interested in it since so many people ask me where to get packet captures for use with tcpreplay. Regards, Aaron -- Aaron Turner http://synfin.net/ |
