> > >This doesn't address the issue of keeping the originating machine from >trying to take part in the replayed TCP session. The question isn't how to >replay the data, it's how to keep the originating host from screwing it up >by tearing down the illigitimate connection. > >One easy way to do this would be to setup iptables to block outbound TCP >packets that have the RST flag set (of course, this would mess up replayed >data which contains RSTs..but I'm sure you can think of creative solutions >for that :) > > Actually, it's mildly convenient having the kernel send RSTs for me. Simplifies my network auditor significantly -- receiver doesn't need to send any packets. The definitive way to shut the kernel up is to throw your userspace stack on a different IP, behind a NAT box if necessary. BTW -- I'm thinking about simple, lower/upper case streams of hex, terminated by newlines, as a nice and hackable datastream for packet input/output. You'd run linkcat in listen mode and get something like 45 10 01 48 bb 0a 40 00 40 06 68 4f 0a 00 01 0b 0a 00 01 0b 0a 00 01 3c ... 45 00 00 28 15 1b 40 00 80 06 cf 6e 0a 00 01 3c 0a 00 01 0b 12 6c 00 16 ... ...which you could then read using whatever text parser you had handy, modify, and spit back out in equivalent form through linkcat's send mode. Any thoughts? Should I have no spaces by default? Whatcha want? --Dan www.doxpara.com
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 13:47:22 PST