Opened 13 years ago

Last modified 11 years ago

#40 new enhancement

Tomahawk like IP mapping

Reported by: aturner Owned by: aturner
Priority: medium Milestone: Future Release
Component: libtcpedit Version: 3.0.beta7
Keywords: Cc:
Operating System: Add to FAQ?: no
Hardware: All
Output of tcpreplay -V:

Description (last modified by aturner)

From tomahawk 1.1:
Replacing pcap IP Addresses (courtesy ICSA labs)

Changed algorithm for assigning rewritten IP addresses. The new
format is X.HID.N.N, where

  • The first byte (X) can be either a constant - provided by the user on the command line - or taken from the first byte of the IP address in the original packet.
  • HID is the handler ID. This method allows for 254 consecutive handlers (values 0 and 255 are reserved in the second octet).
  • The last 2 octets (N.N) are either chosen at random and guaranteed to be unique within a pcap.

In choosing to keep the first octet the same as that which was in
the original pcap, you not only introduce randomness and uniqueness
into the address space but also get IP addresses similar to those in
the original pcap since the first octet remains the same. Use the
-d flag on the command line to activate this behavior.

Change History (3)

comment:1 Changed 13 years ago by aturner

  • Description modified (diff)

comment:2 Changed 12 years ago by aturner

  • Summary changed from Tomahawk like IP randomization to Tomahawk like IP mapping

comment:3 Changed 12 years ago by aturner

  • Add to FAQ? unset

Actually what this should be is flow multiplication. Basically using each packet as a template to send many packets like it. Generally speaking, this is done by either changing the source port (for tcp) or src or dst IP address (for tcp/udp/icmp).

This code probably won't improve performance any (hard to beat the cache mode), but it would be useful for stress testing the flow rampup/etc of the DUT. Also, I should make sure the code could be used for a tomahawk replacement (#7)

Note: See TracTickets for help on using tickets.