Menu
▾
▴
Re: [Tcpreplay-users] tcprewrite issue conversion of DLT
|
From: Vikas S. <vs...@gm...> - 2010-11-01 09:33:04
|
Dear Aaron, you will recall that we had started with cisco HDLC conversion to ethernet. You had specified that we specify the MAC addresses in the conversion command. we used the following command : tcprewrite --enet-dmac=00:55:22:AF:C6:37 --enet-smac=00:44:66:FC:29:AF --infile=input.pcap --outfile=output.pcap However, when we try to decode output.pcap, we find that only P2P Packets, and some SSL packets can be decoded. the rest are not decoded (even though the systems do recognize TCP / UDP / ICMP transport protocols, but do not decode the actual data). Is this because we have not specified the second MAC address for the client to server traffic ? Can you clarify please. Please provide a sample command that should work for HTTP Cisco HDLC packets to be converted into ethernet packets. or do we need to specify the cachefile also ? Please provide an example for the same Do we also need to use the *--skipbroadcast* flag ? Please explain Regards Vikas Sharma On Sun, Sep 12, 2010 at 11:20 PM, Aaron Turner <syn...@gm...> wrote: > Actually, it's asking you for MAC addresses. Cisco HDLC does not have > this information in the header and they are required for Ethernet. In > your case, I recommend you just make them up- any valid MAC address > will work. > > On Sun, Sep 12, 2010 at 4:58 AM, Vikas Sharma <vs...@gm...> wrote: > > Dear Mr. Aaron Turner, > > > > > > > > My company is into security systems and had received a few CiscoHDLC pcap > > files (of 85 MBs each). > > > > > > > > Our software can only read only Ethernet packets and accordingly we tried > to > > convert the CiscoHDLC pcap files into Ethernet (DLT) by using > > > > > > > > tcprewrite –dlt=enet --infile=input.pcap --outfile=output.pcap > > > > > > > > However the system (Ubuntu Lucid) asks for the source IP address and we > are > > not able to provide that since that is not known to us (these are pcap > files > > captured by an Endace DAG card on an OC3, STM line). > > > > > > > > Please suggest a way to convert CiscoHDLC pcap files into Ethernet pcap > > files. > > > > > > > > I have enclosed the protocol stack of the CiscoHDLC pcap file along with > > this email > > > > I await your response, > > > > > > > > Regards > > > > > > > > Vikas Sharma > > > > > ------------------------------------------------------------------------------ > > Start uncovering the many advantages of virtual appliances > > and start using them to simplify application deployment and > > accelerate your shift to cloud computing > > http://p.sf.net/sfu/novell-sfdev2dev > > > > _______________________________________________ > > Tcpreplay-users mailing list > > Tcp...@li... > > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > > > > > -- > Aaron Turner > http://synfin.net/ Twitter: @synfinatic > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & > Windows > Those who would give up essential Liberty, to purchase a little temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > "carpe diem quam minimum credula postero" > > > ------------------------------------------------------------------------------ > Start uncovering the many advantages of virtual appliances > and start using them to simplify application deployment and > accelerate your shift to cloud computing > http://p.sf.net/sfu/novell-sfdev2dev > _______________________________________________ > Tcpreplay-users mailing list > Tcp...@li... > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > |
