From: Aaron T. <at...@po...> - 2005-10-31 17:28:44
On Oct 31, 2005, at 12:46 AM, smanish wrote:

> Hi,
> I executed the following command line
>
> ./tcprewrite -e 10.0.0.1:10.0.0.2 -i /tmp/a.cap -o /tmp/endpoints_a.cap
>
> and expected tcprewrite to change communication to be between
> 10.0.0.1 and 10.0.0.2.
> Instead what I get is all the source IPs in the capture file are
> replaced by 10.0.0.1
> and all the destinations were replaced by 10.0.0.2.
>
> Is this expected?

tcprewrite is behaving as designed.

> Though I got what I wanted using -N
> ./tcprewrite -N 192.168.0.111/32:10.0.0.1/32,192.168.0.1/32:10.0.0.2/32 -i /tmp/a.cap -o /tmp/nated_a.cap

You can use -N or pre-process the pcap file with tcpprep and then pass the resulting tcpprep cache file to tcprewrite.

The important thing to remember is that tcpreplay and tcprewrite *do not* understand "client" and "server" relationships. They just look at one packet at a time. If you want them to be aware of the client/server relationship of packets, then you have to use tcpprep first.

> Can I get the same effect with -e option?

Use tcpprep.

> I looked through the sources and it actually converts -e command to
> equivalent -N options using 0.0.0.0/0. What does this mean?

0.0.0.0/0 is "match everything". Just like a default route in your routing table.

Hope that helps.

-Aaron
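The difference between the two invocations discussed in this message, as an added example that is not part of the original post and is not tcprewrite's code. It is a simplified model that assumes -e becomes one 0.0.0.0/0 rule for sources and one for destinations, while a -N list is applied to both fields; the function names and the two sample packets are constructed for illustration.

```python
import ipaddress

def remap(addr, rules):
    """Rewrite one address with the first matching (match_cidr, target_cidr) rule."""
    ip = ipaddress.ip_address(addr)
    for match, target in rules:
        if ip in ipaddress.ip_network(match):
            t = ipaddress.ip_network(target)
            # Keep whatever host bits the target prefix leaves free (none for /32).
            host = int(ip) & int(t.hostmask)
            return str(ipaddress.ip_address(int(t.network_address) | host))
    return addr  # no rule matched: leave the address alone

def rewrite_endpoints(packets, a, b):
    """Model of -e a:b: every source matches 0.0.0.0/0 and becomes a,
    every destination matches 0.0.0.0/0 and becomes b (assumed mapping)."""
    src_rules = [("0.0.0.0/0", a + "/32")]
    dst_rules = [("0.0.0.0/0", b + "/32")]
    return [(remap(s, src_rules), remap(d, dst_rules)) for s, d in packets]

def rewrite_nat(packets, rules):
    """Model of -N: the same per-address rules apply to source and destination,
    so each host keeps one identity in both directions."""
    return [(remap(s, rules), remap(d, rules)) for s, d in packets]

# Constructed sample: one request and its reply, as (source, destination).
PACKETS = [
    ("192.168.0.111", "192.168.0.1"),   # client -> server
    ("192.168.0.1", "192.168.0.111"),   # server -> client
]

NAT_RULES = [
    ("192.168.0.111/32", "10.0.0.1/32"),
    ("192.168.0.1/32", "10.0.0.2/32"),
]

if __name__ == "__main__":
    print("-e :", rewrite_endpoints(PACKETS, "10.0.0.1", "10.0.0.2"))
    print("-N :", rewrite_nat(PACKETS, NAT_RULES))
```

In the -e model the reply packet ends up with the same source and destination as the request, which is the result the poster observed; the -N model keeps the two directions distinct without any notion of client or server.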