This way we can spoof the mac address of our nic card in linux.
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:AA:BB:CC:DD
ifconfig eth0 up
Wednesday, December 16, 2009
Sunday, December 13, 2009
TCP Replay
This is really a nice tool specially in case of malformed packets doing something wrong in your network.
In ASR1000 router we can capture the last packet which made the crash or traceback or any stupid thing it's not suppose to do.
so getting this packet from the customer network is an easy thing (that comes from GPM memory).
now you can replay the packet using the tcpreplay option and you are all set to test the same attack in your lab (without using the code/tool the person used to crash the box)>:)
Lnx-------------Router------------Otherside
1st change the source and destination packet address as per your network(it's must you know why)
-changing the ip add
[root@mrbu-devtest dujoshi]# tcprewrite -i gpm-packet.pcap --pnat 87.244.12.179/16:192.168.100.1/16 -o abc.pcap
-Changing the mac address
[root@mrbu-devtest dujoshi]# tcprewrite -i gpm-packet.pcap --enet-smac=00:21:d8:59:7f:0c,00:22:64:c3:64:94 -o abcd.pcap
and then you can run the tcpreplay
[root@mrbu-devtest dujoshi]# tcpreplay -i eth1 abcd.pcap
sending out eth1
processing file: abcd.pcap
Actual: 1 packets (180 bytes) sent in 0.01 seconds
Rated: 18000.0 bps, 0.14 Mbps, 100.00 pps
Statistics for network device: eth1
Attempted packets: 1
Successful packets: 1
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
[root@mrbu-devtest dujoshi]#
In ASR1000 router we can capture the last packet which made the crash or traceback or any stupid thing it's not suppose to do.
so getting this packet from the customer network is an easy thing (that comes from GPM memory).
now you can replay the packet using the tcpreplay option and you are all set to test the same attack in your lab (without using the code/tool the person used to crash the box)>:)
Lnx-------------Router------------Otherside
1st change the source and destination packet address as per your network(it's must you know why)
-changing the ip add
[root@mrbu-devtest dujoshi]# tcprewrite -i gpm-packet.pcap --pnat 87.244.12.179/16:192.168.100.1/16 -o abc.pcap
-Changing the mac address
[root@mrbu-devtest dujoshi]# tcprewrite -i gpm-packet.pcap --enet-smac=00:21:d8:59:7f:0c,00:22:64:c3:64:94 -o abcd.pcap
and then you can run the tcpreplay
[root@mrbu-devtest dujoshi]# tcpreplay -i eth1 abcd.pcap
sending out eth1
processing file: abcd.pcap
Actual: 1 packets (180 bytes) sent in 0.01 seconds
Rated: 18000.0 bps, 0.14 Mbps, 100.00 pps
Statistics for network device: eth1
Attempted packets: 1
Successful packets: 1
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
[root@mrbu-devtest dujoshi]#
Subscribe to:
Posts (Atom)