
Re: Traffic Mirroring

[sorry for late reply]
On Sat, Aug 23, 2008 at 09:29:37AM +0300, Volkan YAZICI wrote:
> That's a really good idea. But I couldn't even manage to direct an
> incoming connection to a single machine via DNAT. OTOH, while replaying

see posting from other

> tcpdump data, will I be able to change the source/destination address of
> the packages?

Sure, those are stored in a file, hence you can transform them the way you
want, of course provided that you know how to parse TCP packets (e.g.
using libpcap-based apps - tshark/wireshark are the common tools to
_inspect_ TCP and much more).
You can replay through an interface (e.g. tun/tap) and change on the fly
by iptables, or filter the raw dump.
Sorry, don't have a recipe handy, as in my case the culprit was the daemon 
state machine, and having the src it was more handy to tweak the code and 
read the tcpdump data instead from a socket, but you can look at tcpreplay,
either on sf.net or likely already packaged in your distro. Main info URL:


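The reply above says the addresses in a tcpdump file can be transformed before replay; the following is an added example, not code from the post or from tcpreplay, showing that rewrite together with the IP and TCP checksum fix-up it requires. It assumes a classic little-endian pcap with Ethernet framing and IPv4; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_frame(frame: bytes, amap: dict) -> bytes:
    """Rewrite IPv4 src/dst of one Ethernet frame per amap and fix the checksums."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return frame
    ihl, total = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
    if ihl < 20 or total < ihl or len(frame) < 14 + ihl:  # malformed or cut header
        return frame
    ip, seg = bytearray(frame[14:14 + ihl]), bytearray(frame[14 + ihl:14 + total])
    for off in (12, 16):  # source address, then destination address
        old = socket.inet_ntoa(bytes(ip[off:off + 4]))
        ip[off:off + 4] = socket.inet_aton(amap.get(old, old))
    ip[10:12] = struct.pack("!H", csum(bytes(ip[:10] + b"\0\0" + ip[12:])))
    # The TCP checksum covers the addresses (pseudo-header), so it must be redone,
    # but only when the capture holds the whole, unfragmented segment.
    whole = len(seg) == total - ihl and (struct.unpack("!H", ip[6:8])[0] & 0x3FFF) == 0
    if ip[9] == 6 and whole and len(seg) >= 20:
        seg[16:18] = b"\0\0"
        pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
        seg[16:18] = struct.pack("!H", csum(pseudo + bytes(seg)))
    return frame[:14] + bytes(ip) + bytes(seg) + frame[14 + total:]

def rewrite_pcap(blob: bytes, amap: dict) -> bytes:
    """Apply rewrite_frame to every record; record headers stay valid (same length)."""
    magic, linktype = struct.unpack("<I16xI", blob[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    out, pos = [blob[:24]], 24
    while pos + 16 <= len(blob):
        incl = struct.unpack("<I", blob[pos + 8:pos + 12])[0]  # captured length
        out.append(blob[pos:pos + 16] + rewrite_frame(blob[pos + 16:pos + 16 + incl], amap))
        pos += 16 + incl
    return b"".join(out)

def sample_pcap() -> bytes:
    """Constructed input: one TCP SYN, 192.0.2.10 -> 192.0.2.20, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return struct.pack("<IHHiIIIIIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1, 0, 0, 54, 54) + frame
```

Frames truncated by a short snaplen keep their original TCP checksum, so a receiving stack will drop them on replay; capture with the full packet length if the data is meant to be replayed.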