This is free software licensed under the GNU Public License!
IT IS NOT INTENDED FOR ILLEGAL USE. IT IS PROPOSED TO HELP IN NETWORK ANALYSIS AND STUDYING
NETWORK TECHNIQUES. I WILL NOT BE HELD RESPONSIBLE FOR WHATEVER YOU DO WITH THAT APPLICATION!
Easy and basic How-To-Use for the Proof of Concept:
For already captured tracefiles:
1st) Download OpenVPN [1].
Start the installer and untick everything EXCEPT "Tap Virtual Ethernet Adapter".
Replay uses this adapter to inject packets into the network,
as raw sockets are disabled by Microsoft for security reasons.
2nd) Once installed, have a look at the Networking Control Panel
(e.g. by pressing Win+R, entering "control ncpa.cpl" (without quotes) and pressing Enter).
3rd) Right-click the newly created Tap Ethernet adapter. It can be
identified by "TAP-Win32 Adapter V9" (V9 can vary, depending on the version you have installed in step 1)
4th) Select "Properties" and uncheck all checkboxes in the list that appears,
deselecting all installed protocols for THIS adapter! Click "OK".
5th) Download a capture file in libpcap format (most are!),
e.g. from [2], or use your own.
6th) Set up the network analyzer application of your choice. I recommend Wireshark [3],
but any should work (though not tested by me).
7th) Set up your network analyzer to capture traffic on the Tap adapter.
You should see NO incoming packets. If there are packets, double-check that you followed step 4
and make sure you are NOT connected to an OpenVPN VPN (if you do not know what an OpenVPN VPN is,
you are not connected). Also check that you are sniffing on the Tap adapter.
If there are still packets incoming, DO NOT proceed or
you WILL encounter weird behaviour of a lot of things!!
8th) Start Replay.
9th) Tick the "Thread" checkbox. To replay the file in real time, set the appropriate value (true) in the
corresponding "Edit Parameters...".
10th) Select where to capture from: "File Stream".
11th) Click on start.
12th) "Edit Parameters..." should pop up.
Click on "Path" and right-click the textbox next to "Value: " and click on "Choose file..."
13th) Select the capture file you selected in step 5 and click on "Close".
14th) Now you should see the sniffer receiving packets.
15th) You're done.
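Added example (not part of Replay or of the original how-to): a check for step 5 that a capture file really is in classic libpcap format before it is replayed onto the Tap adapter. It parses the global header and walks the packet records; the function names and the capture built in build_sample() are constructed for illustration.

```python
import struct
import sys

# Classic libpcap magic numbers as seen when the first 4 bytes are read little-endian.
MAGICS = {
    0xA1B2C3D4: ("<", 1e6),  # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1e6),  # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1e9),  # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1e9),  # big-endian file, nanosecond timestamps
}
PCAPNG_BLOCK = 0x0A0D0D0A  # pcapng section header block: a different format

def inspect_pcap(data: bytes) -> dict:
    """Validate a classic libpcap capture and summarise its packet records."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAPNG_BLOCK:
        raise ValueError("pcapng file, not classic libpcap")
    if magic not in MAGICS:
        raise ValueError(f"not a libpcap file (magic 0x{magic:08x})")
    endian, ticks = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset, stamps = 24, []
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        sec, frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("packet data runs past end of file")
        stamps.append(sec + frac / ticks)
    return {"version": (major, minor), "linktype": linktype, "snaplen": snaplen,
            "packets": len(stamps),
            "duration": stamps[-1] - stamps[0] if stamps else 0.0}

def build_sample() -> bytes:
    """Constructed capture: two 4-byte dummy frames, 1.5 s apart, linktype 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    first = struct.pack("<IIII", 1000, 0, 4, 4) + b"\x00" * 4
    second = struct.pack("<IIII", 1001, 500000, 4, 4) + b"\x00" * 4
    return header + first + second

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(inspect_pcap(raw))
```

The "duration" value is the span between the first and last packet timestamps in the file. Whether Replay accepts anything other than classic libpcap is not stated here, so the check rejects pcapng rather than guessing.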
For trace files (and streams) stored on HTTP-Servers:
1st) Follow steps 1 to 4 from above
2nd) Start Replay
3rd) Select where to capture from: "Network Stream".
4th) Check "Thread".
5th) Set up your network analyzer as described above (and start it on the Tap device).
6th) Click "Start" and select the entry "URI" from the window that appears.
7th) Enter the URL to the file or the stream you want to open in the text box near "Value: ".
(It should look like this: "server/path/to/trace.cap".
Do not prefix "http://"; only HTTP on port 80 is supported at the moment, sorry for this.)
8th) Click "Close" and see the buffers filling.
9th) You're done.
Known Issues:
- You cannot open streams or files over HTTP on ports other than 80, over HTTPS, or over HTTP with login credentials.
- You cannot really stop or pause the replay. "Thread" only makes it look more responsive,
though there is no useful behaviour implemented while a replay is running.
Tips:
To capture Fritz!Box WAN traffic, log onto your Fritz!Box using a web browser,
select the NetworkStreamProvider and enter [4] as the URI.
Don't be evil!
Links:
[1] http://openvpn.net/index.php/downloads.html
[2] http://wiki.wireshark.org/SampleCaptures
[3] http://www.wireshark.org/
[4] fritz.box/cgi-bin/capture_notimeout?start=0