On Tue, 1 May 2001, Marcus Pinto wrote:

> If you can record arbitrary packets, can you replay them?

yes. tcpreplay is designed for this purpose:

http://www.anzen.com/research/nidsbench/tcpreplay.html

(quote)
Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

recall that libpcap has a packet write capability. you can dump arbitrary packet data to the wire using that. and then there's also libnet, which you can use to write arbitrary data. tcpreplay is essentially a tool to do that if you don't feel like coding your own.

enjoy.

____________________________
jose nazario joseat_private
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
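An added example, not part of the original post and not tcpreplay's own code: a sketch of the replay speed control the quoted description mentions, reading a classic tcpdump/libpcap trace and scaling the inter-packet gaps for a NIDS test run. The function names, the `multiplier` parameter and the three-record sample trace are assumptions made here; the code computes the send schedule only and writes nothing to the wire.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def build_sample_pcap():
    """Constructed sample trace (three dummy records), not real traffic."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    recs = [(1000, 0, b"\x00" * 60), (1000, 250000, b"\x11" * 60), (1002, 0, b"\x22" * 42)]
    return hdr + b"".join(struct.pack("<IIII", s, us, len(d), len(d)) + d for s, us, d in recs)

def read_pcap(data):
    """Yield (timestamp_seconds, packet_bytes) from a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    # The magic number tells us the byte order the capturing host used.
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC_USEC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC_USEC:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl > snaplen or off + incl > len(data):
            raise ValueError("truncated or oversized record")
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def replay_schedule(data, multiplier=1.0):
    """Return [(delay_from_start_seconds, packet)]; capture gaps are divided by multiplier."""
    if multiplier <= 0:
        raise ValueError("multiplier must be positive")
    packets = list(read_pcap(data))
    if not packets:
        return []
    t0 = packets[0][0]
    # Clamp at zero so an out-of-order timestamp never yields a negative delay.
    return [(max(0.0, ts - t0) / multiplier, pkt) for ts, pkt in packets]

if __name__ == "__main__":
    for delay, pkt in replay_schedule(build_sample_pcap(), multiplier=2.0):
        print(f"send at +{delay:.3f}s  {len(pkt)} bytes")
```
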
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 08:45:36 PDT