On Wed, 30 Oct 2002, Brad Arlt wrote: > On Wed, Oct 30, 2002 at 06:33:38AM -0800, Cynic wrote: > > Hi, > > > > I am looking for an application for *NIX, that can replay captured > > packets, while dropping, the TCP Stacks responses. Let's assume I > > replay a SYN, and receive a SYN-ACK, my host's TCP Stack immediatley > > replies with a RST since it was not aware a connection was to be > > opened. So I am looking for some low-level retransmission > > application for *nix such as Network monitor for NT. (I believe it > > does this.) > > http://tcpreplay.sourceforge.net/ > > TCP Replay resends a libpcap or snoop capture file. As far as I know > it doesn't listen to a darn thing, so you are good to go. This doesn't address the issue of keeping the originating machine from trying to take part in the replayed TCP session. The question isn't how to replay the data, it's how to keep the originating host from screwing it up by tearing down the illigitimate connection. One easy way to do this would be to setup iptables to block outbound TCP packets that have the RST flag set (of course, this would mess up replayed data which contains RSTs..but I'm sure you can think of creative solutions for that :) --jared > > You can trim the capture file however you like using the tools that > come with it, Snoop, or tcpdump. > ----------------------------------------------------------------------- > __o Bradley Arlt Security Team Lead > _ \<_ arltat_private University Of Calgary > (_)/(_) I should be biking right now. Computer Science > >
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 13:12:33 PST