Here is how to use tcpreplay / tcprewrite.
With tcprewrite, you can edit a capture data for your network environment, such as src MAC, dst MAC, dst IP, and you can replay a capture data with tcpreplay.
# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
# apt-get install tcpreplay -y
|
download dns.cap from http://wiki.wireshark.org/SampleCaptures
dump dst udp 53 captures ( DNS request queries)
tcpdump -r dns.cap -n udp dst port 53 -w a_dns.cap
|
rewrite src MAC, dst MAC and Dst IP. also fix checksum.
# tcprewrite --infile=a_dns.cap --outfile=c_dns.cap --dstipmap=0.0.0.0/0:192.168.11.20/32 --enet-dmac=08:00:27:27:c5:f1 --enet-smac=08:00:27:1b:09:e4 --fixcsum
|
replay the capture data.
# tcpreplay --intf1=eth0 --pps=100 c_dns.cap
|
capture data on the target device.
# tcpdump -i eth0 port 53 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:31:07.452087 IP 192.168.170.8.32795 > 192.168.11.20.53: 4146+ TXT? google.com. (28)
21:31:07.452610 IP 192.168.11.20.37474 > 192.168.11.1.53: 48231+% [1au] TXT? google.com. (39)
21:31:07.461590 IP 192.168.170.8.32795 > 192.168.11.20.53: 63343+ MX? google.com. (28)
21:31:07.461881 IP 192.168.11.20.57190 > 192.168.11.1.53: 61338+% [1au] MX? google.com. (39)
|
queries log
Feb 1 21:31:07 ubuntu-vm2 unbound: [2853:0] info: 192.168.170.8 google.com. TXT IN
Feb 1 21:31:07 ubuntu-vm2 unbound: [2853:0] info: 192.168.170.8 google.com. MX IN
Feb 1 21:31:07 ubuntu-vm2 unbound: [2853:0] info: 192.168.170.8 google.com. LOC IN
Feb 1 21:31:07 ubuntu-vm2 unbound: [2853:0] info: 192.168.170.8 104.9.192.66.in-addr.arpa. PTR IN
|
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.