search

appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads
1.17k stars 268 forks source link

[Bug] Is it feasible to complete the TCP handshake by replaying SYN+ACK using tcpliveplay? #825

Open ruoniao opened 1 year ago

ruoniao commented 1 year ago

Hello everyone.I encountered the same issue as this one when using tcpliveplay. I used a complete TCP packet from the diagram below for replay.

image

But it seems that Linux automatically sends an RST packet I suspect that it's because the network interruption has a higher priority than tcprelay, causing the Linux system to send an RST. image

I try use iptables command (iptables -I OUTPUT -p tcp -m tcp --dport 5000 --tcp-flags RST RST -j DROP) drop this package , But tcpreply image

But It does't work.So, I am suspecting if this method of sending TCP payload is feasible? Or is it a better choice to establish a TCP connection using sockets AF_INIT to send and receive payloads?

Looking forward to your reply.

jewdas1984 commented 10 months ago

Hello @ruoniao, exactly the same issue. Cannot get it to work.

fklassen commented 3 months ago

Sorry guys, the person who wrote tcpliveplay has left the project, and I cannot find anyone to clean it up. I may need to drop it. I will leave it in for another release cycle and if I cannot find anyone to support it, I'll drop it from the product suite.