North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: need utillity that can do complex tcp replay

  • From: Andre Gironda
  • Date: Tue Dec 12 11:54:48 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=oUOOlVtvubqkL9mNf6DVrUCVX0AsoMFUzcZgfXYB1qsObQU1UCX65S58yRgSyHTHUKyv5pFW6fmHoczghFXqPh909U60LovRAz/8Pcw041IZx5oKVIVPLz8YVD1CwhZeJVNdjcrwKs7XYwLDjjbyb+Uh8jiMs70Jf4xVQ26EtV0=
It appears that you have already found it.  what's wrong with tcp-replay?

i'm not sure exactly what you mean by "simulated client".  are you
looking for interactivity?

i saw this problem/need described well in chapter 4 of microsoft press
"Hunting Security Bugs".  the authors of the book provide a tool
called MITM (on their companion site). The book also provides a link
to a tool called Interactive TCP Relay
http://www.imperva.com/application_defense_center/tools.asp

the Unix opensource tools netcat, scapy, and blackbag (especially
telson, blit) may also help out.

also, in particular for HTTPS, you may want to consider using a local
http proxy such as the very popular burpproxy.  there are scripts to
parse and replay burp's logfiles generated from request/responses
available in various places, including Network Security Tools from
O'Reilly.

dre

On 12/12/06, william(at)elan.net <[email protected]> wrote:

I need to find utility for testing of application debugging issue that
can replay captured ip traffic, something similar to description at:
   http://tcpreplay.synfin.net/trac/wiki/flowreplay
William Leibzon