Can one use PF_PACKET sockets on Linux to send raw packets without filling Ethernet data?

Looking at tcpreplay's source, found the idea of using PF_PACKET instead of AF_INET+SOCK_RAW. However, can't tell from existing documentation if it's possible for PF_PACKET to send raw IP packet...

Adding Timestamps To Packet Payload with TCPREPLAY

I have a pcap file to replay. I want to rewrite packet payload to include a timestamp. How can I do that with tcpreplay or tcprewrite? Is there a default option or should I implement it myself...

UDP multicast client does not see UDP multicast traffic generated by tcpreplay

I have two programs: server ... it generates UDP traffic on a chosen multicast listener ... it prints UDP traffic on a chosen multicast (it subscribes to a multicast and prints ...

Read fails after tcpreplay with error: 0: Resource temporarily unavailable

I have a very simple script to run. It calls tcpreplay and then asks the user to type in something. Then the read will fail with read: read error: 0: Resource temporarily unavailable. Here is the...

tcpreplay: -T option

In tcpreplay there is a very useful feature which, according to the official FAQs, is called with parameter -T: The packet length (in this case 8892 bytes) is greater than the maximum...

How enable tcpreplay fragroute engine

I have installed tcpreplay and before that installed libdnet, libevent and fragroute, but the fragroute engine is disabled and I cannot use the --fragroute option in tcprewrite. How can I enable the...

Adding ethernet padding to packet using scapy

I need to write a tool that can take in a pcap file and rewrite all packets shorter than 60 bytes and apply the ethernet padding to them. This is to avoid having the NIC alter the number of bytes...

use tcpreplay for real trace internet dataset

I have a CAIDA internet trace dataset and it contains more than 200000 unique IPv4 addresses and almost 1 million flows. I'm currently using mininet to emulate my SDN project and I wish that I could...

Tcpreplay parameter and CPU usage

I have created a UDP file using Scapy and I'm using tcpreplay to send the packet. I've faced two weird issues: The number of packets sent is not identical to the (--pps) parameter. Not sure if...

How to modify the timestamp range of a .pcap file?

Problem I need to modify a .pcap file captured over a timespan of 5 minutes such that it simulates a .pcap file captured over a timespan of 20 minutes. The problem is that I don't know how to do...

After running "opkg install tcpdump" on tp-link router flashed OpenWrt successfully, the tcpdump command doesn't work

I am doing a wireless experiment which used a tp-link router WR1043ND flashed OpenWrt system. Because I need to catch packages through the router, I need to install the tcpdump software. I just...

Altering packets using Scapy - automatically update properties (length, checksum etc.) after editing packet's payload

I am currently modifying a pcap file (on a Linux system) using scapy in Python. I do this for two reasons: I need to alter specific parts of the load of some of the packets and then replay those...

tcpdump of tcpreplay output does not match input

I am having an issue in which on certain machines the number of bytes that tcpdump reports tcpreplay has output does not match tcpreplay's input. Specifically, tcpdump always reports 14 bytes more...

Scapy - random trailer after a packet

I am running scapy 2.4 in Ubuntu 16.04. I have found on basic packets (Eth/IP/UDP or Eth/IP/TCP) Wireshark often flags a failed frame check sequence. Upon investigation I found that the "broken...

Python Scapy RTP header manipulation - how can I decode RTP in scapy?

I need to edit 2 RTP header fields in a PCAP file. I want to edit the RTP timestamp field and the SSRC field. This is so that I can manipulate some capture for replay using tcpreplay for testing...

replay captured udp traffic

I am trying to send packets using TCP replay. The file was captured in another network and contains UDP packets. In order to replay, I've changed the src and destination address, etc...using the...

tcpreplay not work client not receive the data

In server # nc -lp 2424 hi server hi client 1 2 3 In client ➜ ~ nc 139.224.xxx.xx 2424 hi server hi client 1 2 3 Then in client ➜ ~ sudo tcpdump -i en0 -nn -s0 -v src port 2424 -c 10 -w...

Redirecting mirrored traffic from OpenBSD

I have a software router running OpenBSD and a DPI service on a VM on a separate physical machine. I want all the passing traffic to be mirrored from the OpenBSD machine to the DPI machine online...

Reduce / Limit number of alerts occurring from Snort Rule Trigger (Syn Flood)

So I have a snort rule that detects syn flood attacks that looks like this: alert tcp any any -> $HOME_NET 80 (msg:"SYN Flood - SSH"; flags:S; flow: stateless; detection_filter: track by_dst,...

GoReplay - replay from .log instead of .gor

I am looking into GoReplay as to reproduce part of the production traffic that occurred yesterday. The traffic I want to reproduce has been recorded with nginx, and I can save it as a .log or .csv...

Docker container connected by OVS+DPDK, `Ping` work but `iperf` NOT

I am trying to build a platform using Docker, OVS+DPDK. 1. Set up DPDK + OVS I set up DPDK+OVS using dpdk-2.2.0 with openvswitch-2.5.1. First, I compile the code of DPDK, set up hugepages. I do...

tcpprep: Command line arguments not allowed

I'm not sure, why executing below command on ubuntu terminal throws error. tcpprep syntax and options are mentioned as per in help doc, still throws error. [email protected]:~# /usr/bin/tcpprep...

How do I change the interface snort monitors by default?

To start, I am entirely new to Linux and am doing this as part of my final year project at university, I have never used linux before a few weeks ago and I have been hitting roadblock after...

tcpreplay is sending packets out of order?

When I use 'tcpreplay' to send packets to my switch, I found that packets are out of order. For example, using tcpreplay -i eth1 test.pcap, I get: I send packets like **[1,2,3,4,5,……]**,...

(DPDK) How to send a pcap file to the receiver, and generate an exact pcap file on the receiver side?

I'm doing this project, where I have to send a bunch of packets (using rte_eth_tx_burst) from one network card to another network card. These 2 network cards are linked (by Fiber I guess? it...

How to run Suricata on PCAP mode and get results in fast.log

I'm trying to get suricata to alert on a pcap in the fast.log file instead of a network interface as it says it does in the documentation, but I can't get any output in fast.log. My Setup docker...

tcpreplay: replay a pcap in reverse order

Is there any way to replay a pre-recorded pcap file in reverse order? That is, starting from the last packet in the file and without changing the delay between packets? I also tried reversing the...

Packets getting dropped with Libpcap in C on 1 Gig Traffic

I'm writing a packets parser in C using libpcap library. Here is the simple code int main(int argc, char *argv[]) { pcap_t *pcap; const unsigned char *packet; char...

Continue despite failed packet when using tcpreplay

I am trying to use tcpreplay to send the contents of a pcap file. It is refusing to send some packets because they are too long. However, instead of continuing with the next packet, it stops: $...

Detect VLAN tagged packets using XDP eBPF

I am trying to detect packets with a VLAN tag. I have some PCAP files containing VLAN tagged packets to test. A Wireshark screenshot of a sample packet: After reading some tutorials, I wrote...