[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Asterisk ignoring replayed libpcap sessions



Something like this http://tcpreplay.synfin.net/trac/wiki/flowreplay
is what is needed. This didn't compile the last time I tried.

So for TCP protocols I wrote a small script that parses the "follow
TCP c-array" output from Wireshark (which does reassembly at various
levels) and then sends via standard sockets.

- mdf

On 10/31/06, nnp <version5@xxxxxxxxx> wrote:
That is true but unfortunately (or fortunately depending on how you
look at it) it works perfectly using python and plain old UDP sockets
just reading the plain text SIP dump from file.

On 10/30/06, Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx> wrote:
> nnp wrote:
> > SIP is carried over UDP.
>
> Yes, that's true, but is it only SIP that you are talking about ? And
> even in that case... it's not so simple.
>
> TCPReplay also replays UDP packets, but if for instance those packets
> contain nonces, identifiers that can be changed from either side, or
> other elements of freshness, you can't expect that a server will react
> correctly to a blind REPLAY of a former session... much in the same way
> this wouldn't fly with TCP based protocols
>
> Stefano
>


--
http://silenthack.co.uk



--
Matthew Franz
http://www.threatmind.net/