tcprewrite and tcprepaly : rewrite a cap file and replay UDP traffic

Here is how to rewrite capture file and replay that with tcpreplay and tcprewrite.

root@ubuntu:~:# tail -1 /etc/lsb-release

root@ubuntu:~:# apt-get install tcpreplay

root@ubuntu:~:# dpkg -l tcprepaly
ii  tcpreplay      3.4.4-2      amd64        Tool to replay saved tcpdump file

my_dns_query.cap is DNS cap file collected with tcpdump.
rewrite dst ip address to

# tcprewrite --infile=my_dns_query.cap --outfile=new.cap --dstipmap=

original: dst ip

root@ubuntu:~:# tcpdump -r my_dns_query.cap -n | head -1
reading from file my_dns_query.cap, link-type EN10MB (Ethernet)
00:13:52.094051 IP > 65266+ A? ocsp.verisign.com. (35)

after rewriting : dst ip

root@ubuntu:~:# tcpdump -r new.cap -n | head -1
reading from file new.cap, link-type EN10MB (Ethernet)
00:13:52.094051 IP > 65266+ A? ocsp.verisign.com. (35)

replay packet

# tcpreplay -i br0 new.cap --pps=10
sending out br0
processing file: new.cap


root@ubuntu:~:# tcpreplay --pps=100 --intf1=br0 new.cap
sending out br0
processing file: new.cap
Actual: 722 packets (57514 bytes) sent in 7.28 seconds. Rated: 7900.3 bps, 0.06 Mbps, 99.18 pps
Statistics for network device: br0
Attempted packets:         722
Successful packets:        722

root@ubuntu:~:# tcpdump -r new.cap | wc -l
reading from file new.cap, link-type EN10MB (Ethernet)

root@ubuntu:~:# tcpdump -i br0 udp dst port 53 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:54:00.827695 IP > 17014+ A? workplace.stackexchange.com. (45)
01:54:00.837693 IP > 64629+ A? apple.stackexchange.com. (41)

Ubuntu 13.10 : LXC


# tail -1 /etc/lsb-release ;uname -ri
3.11.0-15-generic x86_64

install lxc

# apt-get install lxc lxc-templates

# dpkg -l lxc*
ii  lxc            1.0.0~alpha1 amd64        Linux Containers userspace tools
ii  lxc-templates  1.0.0~alpha1 all          Linux Containers userspace tools

[ setup ]

Here are config files which are under /etc/init directory.
# ls /etc/init/lxc*
/etc/init/lxc.conf  /etc/init/lxc-instance.conf  /etc/init/lxc-net.conf

/etc/default/lxc  is config file as well.

- use br0 tied to eth0

edit /etc/default/lxc-net
# egrep -v ^# /etc/default/lxc-net


# cat /etc/lxc/default.conf
lxc.network.type = veth
#lxc.network.link = lxcbr0
lxc.network.link = br0
lxc.network.flags = up

interfaces file is as below.
# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0

[ directory where containers are stored ]

/var/lib/lxc : containers are stored
/var/cache/lxc  : cached data are stored ( I am not sure .. )

If you want to change the directory where containers stored, create symbolic links like this:
# rm -rf /var/lib/lxc /var/cache/lxc/

root@ubuntu:~:# mkdir /var/disk1/lxclib
root@ubuntu:~:# mkdir /var/disk1/lxccache

root@ubuntu:~:# ln -s /var/disk1/lxclib /var/lib/lxc
root@ubuntu:~:# ln -s /var/disk1/lxccache /var/cache/lxc

[ build containers by using templates ]

here is the list of container templates you can build.
# ls /usr/share/lxc/templates/
lxc-alpine     lxc-busybox  lxc-fedora    lxc-sshd
lxc-altlinux   lxc-cirros   lxc-opensuse  lxc-ubuntu
lxc-archlinux  lxc-debian   lxc-oracle    lxc-ubuntu-cloud

build ubuntu 13.10 container.

-t means use template (  lxc-ubuntu )
-n : container name
-- :  template option
-r : distribution name
# lxc-create -t ubuntu -n ubuntu1310-cn1 -- -r saucy
Checking cache download in /var/cache/lxc/saucy/rootfs-amd64 ...
installing packages: vim,ssh,language-pack-en,language-pack-ja
Downloading ubuntu saucy minimal ...
I: Retrieving Release
I: Retrieving Release.gpg
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.



:# ls /var/lib/lxc/ubuntu1310-cn1/*
/var/lib/lxc/ubuntu1310-cn1/config  /var/lib/lxc/ubuntu1310-cn1/fstab

bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  etc  lib   media  opt  root  sbin  sys  usr

start the container

# lxc-ls --fancy
NAME            STATE    IPV4  IPV6  AUTOSTART  
ubuntu1310-cn1  STOPPED  -     -     NO   

# lxc-start -n ubuntu1310-cn1

[ clone ]

stop the container and then clone

root@ubuntu:~:# lxc-stop -n ubuntu1310-cn1

root@ubuntu:~:# lxc-clone -o ubuntu1310-cn1 -n ubuntu1310-cn2
Created container ubuntu1310-cn2 as copy of ubuntu1310-cn1

Apache CGI, python script

small tips.
# tail -1 /etc/lsb-release ;uname -ri
3.2.0-58-virtual x86_64

install apache2
# apt-get install apache2

edit /etc/apache2/mods-available/mime.conf to allow us to execute cgi, pl, rb, py scripts.
AddHandler cgi-script .cgi .pl .rb .py

# less /etc/apache2/sites-available/default
     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
       <Directory "/usr/lib/cgi-bin">
               AllowOverride None
               Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
               Order allow,deny
               Allow from all

start httpd
# apachectl restart

create a python script for the testing and copy it to /usr/lib/cgi-bin directory.
also change permission of python file.
# cat example1.py
#!/usr/bin/env python

print "Content-type: text/html"
print "<html>"
print "<center>Hello, Linux.com!</center>"
print "</html>"

# cp example1.py /usr/lib/cgi-bin/
# chmod 755 /usr/lib/cgi-bin/example1.py

access to http:// IP /cgi-bin/example1.py


[ FORM ]


html file ( form )
# cat /var/www/example2.html
<title>Python CGI Test(1)</title>

<h1>Python CGI Test(1)</h1><hr><p>

<form name = "Form1" method="POST" action="/cgi-bin/example2.py">
name: <input type="text" size=30 name="name"><p>
addr: <input type="text" size=30 name="addr"><p>
<input type="submit" value="submit" name="button1"><p>

python script
# cat /var/www/cgi-bin/example2.py
#!/usr/bin/env python

# CGI Test
import cgi

print "Content-Type: text/html\n\n"

print "<html><body>"

form = cgi.FieldStorage()
form_ok = 0
if form.has_key("name") and form.has_key("addr") :
 form_ok = 1
if form_ok == 0 :
 print "<h1>ERROR</h1>"
else :
 print "<h2>Result</h2><hr><p>"
 print "<p><b>name: </b>", form["name"].value
 print "<p><b>addr: </b>", form["addr"].value

print "</body></html>"

copy the script to /vaw/www/cgi-bin directory.
# mkdir /var/www/cgi-bin   <- create a directory if there is not
# cp example2.py /var/www/cgi-bin/
# chmod 755 /var/www/cgi-bin/example2.py

access to http:// IP /example2.html

enter “submit”

Fedora 20 : install Go 1.2 lang


# cat /etc/fedora-release ;uname -ri
Fedora release 20 (Heisenbug)
3.13.0-1.vanilla.mainline.knurd.1.fc20.x86_64 x86_64

untar file and store these file under /usr/local/go directory
# tar -C /usr/local -xzf go1.2.linux-amd64.tar.gz

# ls /usr/local/go
AUTHORS       LICENSE  README   api  blog  favicon.ico  lib   pkg         src
CONTRIBUTORS  PATENTS  VERSION  bin  doc   include      misc  robots.txt  test

# export PATH=$PATH:/usr/local/go/bin

# which go

# go version
go version go1.2 linux/amd64

make a go file
# cat hello.go
package main

import "fmt"

func main() {

# go run hello.go