lost and found ( for me ? )

tcprewrite and tcpreplay: rewrite a cap file and replay UDP traffic

Here is how to rewrite a capture file with tcprewrite and replay it with tcpreplay.

root@ubuntu:~:# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.10"

root@ubuntu:~:# apt-get install tcpreplay

root@ubuntu:~:# dpkg -l tcpreplay
+++-==============-============-============-=================================
ii  tcpreplay      3.4.4-2      amd64        Tool to replay saved tcpdump file


my_dns_query.cap is a DNS capture file collected with tcpdump.
Rewrite the destination IP address to 192.168.11.1 (the 0.0.0.0/0 side of the map matches every destination, so all packets in the file are redirected):

# tcprewrite --infile=my_dns_query.cap --outfile=new.cap --dstipmap=0.0.0.0/0:192.168.11.1/32

Original: dst IP 8.8.8.8

root@ubuntu:~:# tcpdump -r my_dns_query.cap -n | head -1
reading from file my_dns_query.cap, link-type EN10MB (Ethernet)
00:13:52.094051 IP 192.168.11.100.14751 > 8.8.8.8.53: 65266+ A? ocsp.verisign.com. (35)

After rewriting: dst IP 192.168.11.1

root@ubuntu:~:# tcpdump -r new.cap -n | head -1
reading from file new.cap, link-type EN10MB (Ethernet)
00:13:52.094051 IP 192.168.11.100.14751 > 192.168.11.1.53: 65266+ A? ocsp.verisign.com. (35)

Replay the packets:

# tcpreplay -i br0 new.cap --pps=10
sending out br0
processing file: new.cap

That works. Replay again at 100 pps and confirm that the number of packets sent matches the count in the file, and that the rewritten queries arrive on br0:

root@ubuntu:~:# tcpreplay --pps=100 --intf1=br0 new.cap
sending out br0
processing file: new.cap
Actual: 722 packets (57514 bytes) sent in 7.28 seconds. Rated: 7900.3 bps, 0.06 Mbps, 99.18 pps
Statistics for network device: br0
Attempted packets:         722
Successful packets:        722

root@ubuntu:~:# tcpdump -r new.cap | wc -l
reading from file new.cap, link-type EN10MB (Ethernet)
722


root@ubuntu:~:# tcpdump -i br0 udp dst port 53 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:54:00.827695 IP 192.168.11.100.28689 > 192.168.11.1.53: 17014+ A? workplace.stackexchange.com. (45)
01:54:00.837693 IP 192.168.11.100.5017 > 192.168.11.1.53: 64629+ A? apple.stackexchange.com. (41)



