Sorry for not replying to the thread directly, but I just subscribed
to the list...
Anyways, tcpreplay already fixes checksums L3/L4 in pcap files as well
as pseudo-randomizing the IP addresses contained within (note, only
supports doing so for IPv4 and at layer 3, so don't expect it to fix
them in an FTP PORT command or in an HTTP Host header).
I'd recommend grabbing v2.3.5 (the 3.0 beta series is a bit buggy
right now). An example usage would be:

    sudo ./tcpreplay -F -s 367 -i en0 -w out.pcap -R in.pcap

If you're feeling lucky, grab 3.0.beta11 and use tcprewrite:

    tcprewrite --seed=423 --infile=input.pcap --outfile=output.pcap

The big advantage of tcprewrite is that it doesn't require running as
root and is a little more intelligent (it'll update IPv4 addresses in
ARP packets for example). It will also someday gracefully handle
non-Ethernet captures.
http://tcpreplay.synfin.net/
Anyways, glad to see that work is finally being done on openpacket.
I'm particularly interested in it since so many people ask me where to
get packet captures for use with tcpreplay.
Regards,
Aaron
--
Aaron Turner
http://synfin.net/
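
Added example (not part of the original message and not tcpreplay code): a check for the caveat above, that layer-3 rewriting leaves addresses embedded in FTP PORT/PASV arguments and HTTP Host headers untouched. It assumes the application payloads have already been extracted from the rewritten capture as byte strings; the function names, sample payloads and addresses are constructed for illustration.

```python
import re

# IPv4 written as ASCII text, e.g. in an HTTP Host header.
DOTTED = re.compile(
    rb"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])")
# FTP PORT argument / PASV reply form: h1,h2,h3,h4,p1,p2
FTP_HP = re.compile(
    rb"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),\d{1,3},\d{1,3}(?!\d)")


def _addr(match):
    """Normalise the four captured octets to dotted-quad text, or None."""
    octets = [int(g) for g in match.groups()[:4]]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)


def find_payload_leaks(payloads, original_ips):
    """Return sorted (payload_index, kind, ip) for every pre-rewrite
    address that is still readable inside an application payload."""
    originals = set(original_ips)
    leaks = set()
    for i, data in enumerate(payloads):
        for kind, rx in (("dotted-quad", DOTTED), ("ftp-host-port", FTP_HP)):
            for m in rx.finditer(data):
                ip = _addr(m)
                if ip in originals:
                    leaks.add((i, kind, ip))
    return sorted(leaks)


# Constructed sample payloads, as they would look after a layer-3-only rewrite.
SAMPLE_PAYLOADS = [
    b"PORT 192,168,1,10,7,138\r\n",
    b"GET / HTTP/1.1\r\nHost: 192.168.1.10:8080\r\n\r\n",
    b"227 Entering Passive Mode (10,0,0,5,195,80).\r\n",
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
]
# Constructed list of addresses that appeared in the capture before rewriting.
SAMPLE_ORIGINALS = {"192.168.1.10", "10.0.0.5"}

if __name__ == "__main__":
    for idx, kind, ip in find_payload_leaks(SAMPLE_PAYLOADS, SAMPLE_ORIGINALS):
        print(f"payload {idx}: original address {ip} still present ({kind})")
```

Any hit means the capture still discloses an original address and needs payload-level scrubbing before it is shared.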