tcprewrite作为tcpreplay的一个工具,可以对数据包的2-4层进行修改,功能非常强大。下面主要介绍下安装方法、整体的步骤和每层具体的修改方法。
一、安装方法
以下服务器信息为该文档安装tcpreplay服务环境
服务器信息:CentOS7
内核版本:3.10.0-1160.el7.x86_64
1.直接使用yum进行安装
yum -y install tcpreplay
2.查看安装是否成功(如果有输出代表安装成功)
tcpreplay -V
ps:安装好后就能看到tcpprep、tcpwrite,和tcpreplay一起配合使用
二、整体步骤
步骤1:先为待修改的pcap包(test1.pcap)生成一个中间件(test_cache.cache)
tcpprep -p --pcap=test1.pcap --cachefile=test_cache.cache
步骤2:导入待修改包和中间件,利用tcprewrite输出修改后的文件(test2.pcap)
tcprewrite -i test1.pcap -o test2.pcap --cachefile=test_cache.cache [具体修改项]
三、修改方法
# tcprewrite -h
tcprewrite (tcprewrite) - Rewrite the packets in a pcap file.
Usage: tcprewrite [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
-r, --portmap=str Rewrite TCP/UDP ports
-s, --seed=num Randomize src/dst IPv4/v6 addresses w/ given seed
-N, --pnat=str Rewrite IPv4/v6 addresses using pseudo-NAT
-S, --srcipmap=str Rewrite source IPv4/v6 addresses using pseudo-NAT
-D, --dstipmap=str Rewrite destination IPv4/v6 addresses using pseudo-NAT
-e, --endpoints=str Rewrite IP addresses to be between two endpoints
--tcp-sequence=num Change TCP Sequence (and ACK) numbers /w given seed
-b, --skipbroadcast Skip rewriting broadcast/multicast IPv4/v6 addresses
-C, --fixcsum Force recalculation of IPv4/TCP/UDP header checksums
-m, --mtu=num Override default MTU length (1500 bytes)
--mtu-trunc Truncate packets larger then specified MTU
-E, --efcs Remove Ethernet checksums (FCS) from end of frames
--ttl=str Modify the IPv4/v6 TTL/Hop Limit
--tos=num Set the IPv4 TOS/DiffServ/ECN byte
--tclass=num Set the IPv6 Traffic Class byte
--flowlabel=num Set the IPv6 Flow Label
-F, --fixlen=str Pad or truncate packet data to match header length
--fuzz-seed=num Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop
--fuzz-factor=num Set the Fuzz 1 in X packet ratio (default 1 in 8 packets)
--skipl2broadcast Skip rewriting broadcast/multicast Layer 2 addresses
--dlt=str Override output DLT encapsulation
--enet-dmac=str Override destination ethernet MAC addresses
--enet-smac=str Override source ethernet MAC addresses
--enet-subsmac=str Substitute MAC addresses
--enet-mac-seed=num Randomize MAC addresses
--enet-mac-seed-keep-bytes=num Randomize MAC addresses
--enet-vlan=str Specify ethernet 802.1q VLAN tag mode
--enet-vlan-tag=num Specify the new ethernet 802.1q VLAN tag value
--enet-vlan-cfi=num Specify the ethernet 802.1q VLAN CFI value
--enet-vlan-pri=num Specify the ethernet 802.1q VLAN priority
--enet-vlan-proto=str Specify VLAN tag protocol 802.1q or 802.1ad
--hdlc-control=num Specify HDLC control value
--hdlc-address=num Specify HDLC address
--user-dlt=num Set output file DLT type
--user-dlink=str Rewrite Data-Link layer with user specified data
-i, --infile=str Input pcap file to be processed
-o, --outfile=str Output pcap file
-c, --cachefile=str Split traffic via tcpprep cache file
-v, --verbose Print decoded packets via tcpdump to STDOUT
-A, --decode=str Arguments passed to tcpdump decoder
--skip-soft-errors Skip writing packets with soft errors
-V, --version Print version information
-h, --less-help Display less usage information and exit
-H, --help display extended usage information and exit
-!, --more-help extended usage information passed thru pager
--save-opts[=arg] save the option state to a config file
--load-opts=str load options from a config file
1.链路层数据的修改
2.ip层数据的修改
3.传输层数据的修改
标签:enet,addresses,--,报文,利器,num,str,tcprewrite,pcap From: https://www.cnblogs.com/Mourinkun/p/17762362.html