From: James B. <jam...@al...> - 2012-02-03 14:39:28
|
Hi, You can do this in scapy. I wrote a procedure to do it, although if any data contains internal addresses it won't address that. But it fixes the headers. Because IPv6 headers are larger than V4 if you have any packets that are at MTU you will have issues. I have also attached a procedure to truncate the packets larger than 1500. Here is the code. def ipnumber(ip): ip=ip.rstrip().split('.') ipn=0 while ip: ipn=(ipn<<8)+int(ip.pop(0)) return ipn **def convertV4toV6(pcapname,outpcap): pcap = rdpcap(pcapname) newpcap = [] bailing = 0 for i in range (0, len(pcap)): #if it is IPv6 bail to save time if(pcap[i].haslayer(IPv6)): bailing = 1 break #before we even start check for frag, if fragged bail... for now. if (pcap[i][IP].flags == 4L or pcap[i][IP].frag != 0L): print "Do not support Fragment at this time, packet " + str(i) + " failed" bailing = 1 break src = ipnumber(pcap[i][IP].src) dst = ipnumber(pcap[i][IP].dst) src = hex(src) src = src.rstrip().split('0x') src = src.pop(1) v6src = src[0:4] + ':' + src[4:8] dst = hex(dst) dst = dst.rstrip().split('0x') dst = dst.pop(1) v6src = src[0:4] + ':' + src[4:8] v6dst = dst[0:4] + ':' + dst[4:8] ethersrc = pcap[i][Ether].src ethersrc = ethersrc.rstrip().split(':') etherdst = pcap[i][Ether].dst etherdst = etherdst.rstrip().split(':') v6src = '2011::1:' +v6src v6dst = '2011::1:' +v6dst # replace the header #print v6src + " " + v6dst + "packet is: " + str(i) if pcap[i].haslayer(IP): if pcap[i].haslayer(TCP): del(pcap[i][TCP].chksum) if pcap[i].haslayer(UDP): del(pcap[i][UDP].chksum) del(pcap[i][IP].chksum) del(pcap[i][IP].len) if pcap[i].haslayer(Padding): del(pcap[i][Padding]) #the IPv6 header length is 40. if len(pcap[i][IP].payload) < 6: pcapload = ''.join(['0' for num in xrange(0,6-len(pcap[i][IP].payload))]) pcap[i] = pcap[i]/Padding(load=pcapload) newpcap.append(Ether(src=pcap[i][Ether].src,dst=pcap[i][Ether].dst,type=0x86dd)/IPv6(nh=pcap[i][IP].proto,src=v6src, dst=v6dst)/pcap[i][IP].payload) newpcap[i].time = pcap[i].time if (bailing != 1): wrpcap(outpcap,newpcap) def TruncateV6Data(pcapname): pcap = rdpcap(pcapname) for i in range (0, len(pcap)): if (len(pcap[i]) > 1500): if (pcap[i].haslayer(TCP)): pcap[i][Raw].load = pcap[i][Raw].load[0:1426] del(pcap[i][TCP].chksum) if (pcap[i].haslayer(UDP)): pcap[i][Raw].load = pcap[i][Raw].load[0:1438] del(pcap[i][UDP].chksum) del(pcap[i][UDP].len) del(pcap[i][IPv6].plen) wrpcap(pcapname,pcap) On 02/03/2012 09:27 AM, Anderson Tang wrote: > Dear All, > > We need a tool that can convert IPv4 Pcap into IPv6 Pcap. (Or replay > IPv4 Pcap as IPv6 traffic) > > Can tcpreplay/tcprewrite support that? (I tried but failed!) > > Or do you know any other tools can achieve that? > > Best Regards |