Replaying PCAP Dumps
Thu, 11 Mar 2010 08:35:40 -0500

Step 1) Collect data.

tcpdump -w logPackets.pcap tcp port 53

Step 2) Start up virtual machine.

Step 3) Copy logPackets.pcap to VM.

Step 4) tcpreplay-edit -i eth0 --enet-dmac <your mac address on physical node> logPackets.pcap

 

If you're using an older copy of tcpreplay or do not have tcpreplay-edit installed, then you can either use tcpprep to write a cache file to separate the client and server instances ... this will also be able to modify the destination MAC address. Alternatively, you can use macchanger and just change the MAC address on your physical Ethernet device. Either way works.
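What the destination-MAC rewrite in Step 4 does to each frame, as an added example that is not from the original post: a small Python rewriter for classic pcap files that overwrites the first six bytes (the destination MAC) of every Ethernet frame. The function names and the one-packet sample capture are constructed for illustration; pcapng files are not handled.

```python
import struct

PCAP_MAGICS = {  # magic bytes on disk -> struct byte-order prefix
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}
LINKTYPE_ETHERNET = 1

def parse_mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % text)
    return raw

def rewrite_dmac(pcap_bytes, new_dmac):
    """Return (new_pcap_bytes, frames_rewritten) with every destination MAC replaced."""
    if len(pcap_bytes) < 24 or pcap_bytes[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order = PCAP_MAGICS[pcap_bytes[:4]]
    linktype = struct.unpack(order + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("link type %d is not Ethernet" % linktype)
    dmac = parse_mac(new_dmac)
    out = bytearray(pcap_bytes[:24])               # global header unchanged
    pos, count = 24, 0
    while pos + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(order + "I", pcap_bytes[pos + 8:pos + 12])[0]
        frame = pcap_bytes[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record: drop it rather than emit a bad file
        out += pcap_bytes[pos:pos + 16]            # record header unchanged
        if incl_len >= 6:                          # dst MAC is the first 6 bytes
            frame = dmac + frame[6:]
            count += 1
        out += frame
        pos += 16 + incl_len
    return bytes(out), count

def sample_pcap():
    """Constructed one-packet capture: little-endian header plus a 60-byte frame."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
    record = struct.pack("<IIII", 1268314540, 0, len(frame), len(frame))
    return header + record + frame
```

Reading logPackets.pcap, passing its bytes through `rewrite_dmac`, and writing the result to a new file gives a capture that plain `tcpreplay -i eth0` can send without any edit options.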

