Fragroute OverviewĪs of Tcpreplay 3.3.0, tcprewrite integrates Dug Song’s fragroute engine.ĭue to library constraints fragroute may or may not enabled in your binary. Of course, this won’t help any non-IP frames, so you may have some packets which can’t be sent in some situations. Since IP fragmentation is done at the IP layer, we use a value smaller then the MTU (in this case assuming 1500 for ethernet) to make sure we have enough room for the ethernet and IPv4 headers. This will cause tcprwrite to fragment any packet into 1400 byte chunks. $ tcprewrite -fragroute=frag.cfg -infile=input.pcap -outfile=output.pcap (like 10.10.1.1 and 10.10.1.2) for these two hosts by using the -endpoints rule: Sometimes you have a pcap with a bunch of hosts and you want rewrite all the traffic to beīetween two hosts or “endpoints”. Not only do the following options edit the IP header, but in the case of IPv4,Īlso modified ARP requests/replies to match as well. Wrap the address in hard brackets like so: or for networks: Layer 3 rewrite rule, tcprewrite will automatically re-calculate checksums for you, Of methods for rewriting IP addresses depending on your needs. -user-dlink - Set packet layer 2 headerĪs of version 3.4.2, tcprewrite supports both IPv4 and IPv6 addresses.Of your choosing by using the following two options: The user defined DLT option allows you to create any DLT/Layer2 header DLT_CHDLC (Cisco HDLC)Ĭisco HDLC has two fields in the Layer 2 header: address and control. Will set the VLAN tag to be 40, the CFI value to 1 and a VLAN priority of 4. $ tcprewrite -enet-vlan=add -enet-vlan-tag=40 -enet-vlan-cfi=1 -enet-vlan-pri=4 -infile=input.pcap -outfile=output.pcap The following would cause all traffic to have a destination MAC MAC addresses of packets so that they will be processed by the correct device.īy using the -enet-dmac and -enet-smac options you can specify what the newĭestination and source MAC addresses should be respectively. The most common layer 2 rewriting need is to change the source and destination Rewriting Source & Destination MAC addresses The Ethernet plugin allows you to control the source and destination MAC addresses.Īdditionally, you can add, remove and edit 802.1q VLAN tag headers. On the input DLT you may need to provide additional DLT plugin flags. To one of the supported output DLT type by using the -dlt= option. Hence, if you have a pcap in one of the supported input DLT types, you can convert it Over Cisco HDLC or capture on a BSD Loopback interface and replay over Ethernet. This allows you, for example, to capture traffic on say an Ethernet interface and replay Changing theĭLT plugin allows you to convert the packets from one DLT/Layer 2 type to another type. By default, the plugin used to read packets is also usedįor output, but you can override the output plugin using the -dlt option. Each plugin may support readingĪnd/or writing packets. This not only makes the code easier to maintain, but also helps make things clearerįor users regarding what is and isn’t supported. That traffic can flow through switches, firewalls, routers, IPS’s and many otherĪs of 3.0, tcprewrite uses plugins to support different DLT/Layer 2 types. Tcprewrite supports a lot of Layer 2 rewriting options to help you modify packets so To specify a tcpprep cache file to use during processing, use the -cachefile option. Since cache files are separate from the actual pcap, you can use multipleĬache files with different processing rules for multiple passes of tcprewrite. Use of this feature allows you to select which packets are edited and which Using tcpprep cache files, you can also mark packets as to be skipped during processingīy tcprewrite. Which allows you to define direction based on a variety criteria. Packet direction is determined by consulting a tcpprep cache file, Options allow you to edit packets differently depending on the direction Direction & Selectionīefore we get to packet editing, it is important to remember that some of these rewrite $ tcprewrite -infile=input.pcap -outfile=output.pcapĪdditional arguments for actually editing packets are described below. Of the output pcap file (which will be overwritten). Running tcprewrite requires you to provide it an input pcap file and the name Hence, all the options listed below are validįor both tcprewrite and tcpreplay-edit. In 3.4.1 this editing functionality was re-introduced in tcpreplay In version 3.0, all of the packet editing functionality in tcpreplay was moved Changing Networks via Pseudo-NAT, Source/Destination IP Map.Rewriting Source & Destination MAC addresses.
0 Comments
Leave a Reply. |