Now you got cool pcap file that captured from the wire and would like to edit it to replay the traffics against your server, thus you need to change the destination IP address. Since there are so many packets and you want to change the destination IP address at one time, here's little tricks that you can do with netdude.
For example you can just load the pcap file into netdude, in my situation the destination IP is 172.16.0.99, then I need to change it to 10.0.0.1, thus I just need to go to Edit -> Select All or you can just right click in the pane and Select All, then click on the IPv4 tab below, choose the Dst.addr field and you can change the value from 172.16.0.99 to 10.0.0.1, once you have changed it, you may have almost the same thing like the screenshot below.
For example you can just load the pcap file into netdude, in my situation the destination IP is 172.16.0.99, then I need to change it to 10.0.0.1, thus I just need to go to Edit -> Select All or you can just right click in the pane and Select All, then click on the IPv4 tab below, choose the Dst.addr field and you can change the value from 172.16.0.99 to 10.0.0.1, once you have changed it, you may have almost the same thing like the screenshot below.
Since you have made changes to the IP header, the checksum value will be wrong and need to be recalculated, you can just correct it by click on Plugins -> Checksum Fixer.
The checksum value is corrected and you can save it by now and ready to replay the traffics with it.
Cheers :]
1 comment:
I would recommend if you can, to mimic the sessions by changing all of the destinations, and the sources, and mac addresses to your source/dest test systems.
Post a Comment