I have a PCAP file with SIP/RTP... can I replay it into a switch to test compatibility? - sip

I have a PCAP file from a system with SIP setup/teardown and RTP. Can I use the PCAP file to test the compatibility of that switch with mine, by firing the packets into my switch?
If yes, how?
I have seen TCP replay, but I'm not used to it. Can I use Star Trinity?

You could use the SIPp tool for testing the switch. Add the pcap file into the XML file and trigger it.
http://sipp.sourceforge.net/doc/reference.html#UAC+with+media

Related

How to send packets in multiple pcap files using DPDK pktgen?

pktgen version: 3.4.2
There are multiple pcap files. How do I send the packets in multiple pcap files using DPDK pktgen?
How can I use pktgen to send all the pcap files in a directory?
First, when I use this command, it just sends one packet forever and does not stop.
./pktgen -l 0-1 -n 3 -- -P -m "[1].0" -s 0:/pcap/test.pcap
I tried several ways, but none worked.
Current DPDK pktgen has the option -s P:file, which allows a specific PCAP file to be associated with a DPDK port. Based on the contents of the PCAP file, either a single packet or multiple packets will be continuously sent through the selected DPDK port via pktgen.
Using options like rate and count, one can control the behaviour. The option to select multiple PCAP files for a port is not present on the command line. Through Lua scripts the option is not present either.
The only valid options are page pcap, to highlight the port and packets in use, and pcap show, to display pcap-relevant information. Hence the option to send packets from multiple pcap files via the command line or a Lua script is absent.
Note: an alternative to explore would be the DPDK-hosted project https://doc.dpdk.org/burst-replay/, as the current logic reads the packets into mbuf memory and sends from the cache. You can either modify DPDK-PKTGEN or BURST-REPLAY to accept a pcap folder and read multiple pcap files to achieve the same.

Tshark not running via gdb to learn tcp and udp dissectors

I have successfully installed Wireshark on CentOS 6.4. I can run the command tshark and it works perfectly fine. I want to run it under gdb so that I can learn how it decodes TCP and UDP packets, as I am writing an application where I need to dissect these two types of packets. When I run libtool --mode=execute gdb tshark, it runs and stops at the (gdb) prompt; it is not capturing anything. The reason I want to run it via gdb is to learn how both TCP and UDP are dissected, as I don't want to reinvent the wheel.
I don't think it would be practical to learn tcp dissection through just gdb.
Why not directly examine the source code? It's available for download here. All dissectors can be found under "epan/dissectors/".
You might specifically want to look at packet-tcp.c and packet-udp.c files, particularly the functions dissect_tcp() and dissect_udp() respectively. Also, a quick read through this tutorial for creating dissectors might help you understand the coding conventions of this project quickly.
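
For orientation before reading packet-tcp.c and packet-udp.c, here is a minimal stand-alone decoder for the fixed IPv4, TCP and UDP header layouts. It is an added example, not Wireshark code; the function names and the sample packets are constructed for illustration, and it does not handle IP fragmentation or TCP stream reassembly.

```python
import struct

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def dissect_tcp_header(seg: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options and payload are split off."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4      # header length in bytes, options included
    if data_off < 20 or data_off > len(seg):
        raise ValueError("bad TCP data offset")
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "options": seg[20:data_off], "payload": seg[data_off:]}

def dissect_udp_header(dgram: bytes) -> dict:
    """Decode the 8-byte UDP header and trim the payload to the length field."""
    if len(dgram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", dgram[:8])
    if length < 8 or length > len(dgram):
        raise ValueError("bad UDP length")
    return {"sport": sport, "dport": dport, "payload": dgram[8:length]}

def dissect_ipv4(packet: bytes) -> dict:
    """Decode an IPv4 header, then hand the rest to the TCP or UDP decoder."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length, options included
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IPv4 header length")
    out = {"src": ".".join(map(str, packet[12:16])),
           "dst": ".".join(map(str, packet[16:20])), "proto": packet[9]}
    if packet[9] == 6:
        out["tcp"] = dissect_tcp_header(packet[ihl:])
    elif packet[9] == 17:
        out["udp"] = dissect_udp_header(packet[ihl:])
    return out

def sample_ipv4(proto: int, l4: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) around an L4 segment."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + l4

# Constructed samples: a PSH+ACK segment to port 80 and a datagram to port 5060.
SAMPLE_TCP = sample_ipv4(6, struct.pack("!HHIIHHHH", 40000, 80, 1000, 2000,
                                        (5 << 12) | 0x18, 65535, 0, 0) + b"GET / HTTP/1.1\r\n")
SAMPLE_UDP = sample_ipv4(17, struct.pack("!HHHH", 5060, 5060, 8 + 4, 0) + b"ping")
```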

Is there a way to view wireshark .pcap files in Fiddler?

Is there a way to convert Wireshark .pcap files to a format that Fiddler understands?
Every so often we get network traces generated from Wireshark in .pcap files. Most of the time the traces contain mostly HTTP traffic, which I find much easier to analyze using Fiddler.
Fiddler 2 and Fiddler 4 now include import support for PCAP, PCAPNG, and NetMon files. Click File > Import > Packet Capture.
Note that only HTTP traffic will be imported (HTTPS traffic is encrypted, and FTP traffic wasn't a priority).
You can use ColaSoft Packet Player, which enables you to play captured .pcap files, and open Fiddler capturing all processes to receive all the data as it was captured.
Fiddler 4 supports pcap files.

HTTP Live Streaming using Apple mediastreamsegmenter

I would like to implement HTTP live streaming for iPhone/iPad. I am following the Apple standards and tools for this.
As of now my video source gives me live video from rtsp://123.123.123.123:554/mpeg4 (sample IP), but as HTTP live streaming and mediastreamsegmenter require the source to be passed over a UDP network, I have taken a slightly roundabout way.
So I have used VLC player to first stream RTSP to UDP.
For example, I have streamed the video source from rtsp://123.123.123.554/mpeg4 and redirected it to
udp://#123.123.123.17:1234 (sample IP). I have tested this with two instances of VLC on the same machine to check whether the live stream plays or not. It is working fine in VLC.
Now I am using Mac OS 10.6.x (Snow Leopard) and the latest tools (downloaded from Apple) for HTTP Live Streaming.
I am executing the following command from the terminal:
mediastreamsegmenter -b http://demo.dummy.com/stream -s 3 -D -f /Desktop/StreamParts 123.123.123.17:1234
here
http://demo.dummy.com/stream - server
/Desktop/StreamParts - Local Folder for saving .ts files
123.123.123.17:1234 - UDP url (from where live streaming is done)
But the problem is that when I execute this command, it gives me errors like:
no start access unit
error in pid 44(video) -- cc value should be 9 is 10, 1 is 2, 5 is 6, etc.
Any idea what is going wrong here, and what this error message means?
My hunch would be that the transport is incompatible. Apple's tools (i.e. mediastreamsegmenter) are expecting an MPEG2 transport stream over UDP, not just RTSP sent over UDP. The problem I have, which I'm afraid will be your next question, is how to correctly generate an MPEG2 transport stream.
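
To check what is actually arriving on the UDP port, the following added example (not Apple's code and not from the original posts) tests whether a datagram is pure MPEG-2 TS and reports continuity-counter jumps per PID. It assumes the "cc" in the error message is the 4-bit TS continuity counter; the sample data is constructed, and the duplicate-packet and discontinuity_indicator allowances of the TS format are not handled.

```python
TS_SIZE, SYNC, NULL_PID = 188, 0x47, 0x1FFF

def looks_like_mpegts(payload: bytes) -> bool:
    """True if the datagram is a whole number of 188-byte packets, each starting 0x47."""
    return (len(payload) > 0 and len(payload) % TS_SIZE == 0
            and all(payload[i] == SYNC for i in range(0, len(payload), TS_SIZE)))

def continuity_errors(stream: bytes) -> list:
    """Return (pid, expected_cc, actual_cc) for every continuity-counter jump."""
    last = {}
    errors = []
    for off in range(0, len(stream) - TS_SIZE + 1, TS_SIZE):
        pkt = stream[off:off + TS_SIZE]
        if pkt[0] != SYNC:
            raise ValueError(f"lost sync at offset {off}")
        pid = ((pkt[1] & 0x1F) << 8) | pkt[2]   # 13-bit packet identifier
        has_payload = bool(pkt[3] & 0x10)       # adaptation_field_control payload bit
        cc = pkt[3] & 0x0F                      # 4-bit counter, wraps 15 -> 0
        if pid == NULL_PID or not has_payload:
            continue                            # counter only advances with payload
        if pid in last:
            expected = (last[pid] + 1) & 0x0F
            if cc != expected:
                errors.append((pid, expected, cc))
        last[pid] = cc
    return errors

def make_ts_packet(pid: int, cc: int) -> bytes:
    """Constructed payload-only TS packet filled with 0xFF stuffing."""
    header = bytes([SYNC, (pid >> 8) & 0x1F, pid & 0xFF, 0x10 | (cc & 0x0F)])
    return header + b"\xff" * (TS_SIZE - 4)

# Constructed samples on PID 44, the PID named in the error message.
CLEAN = b"".join(make_ts_packet(44, cc % 16) for cc in range(14, 20))  # wraps cleanly
LOSSY = b"".join(make_ts_packet(44, cc) for cc in (7, 8, 10, 11))      # packet 9 missing
# A datagram with 12 bytes of some other header in front of the TS packet.
WRAPPED = bytes([0x80, 0x60]) + bytes(10) + make_ts_packet(44, 0)
```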

How can I capture and edit network packets on the fly with Perl?

Does someone know of a CPAN module on Win32 that captures network packets and edits them on the fly? As far as I know, the only Perl module on Win32 that deals with packets on the fly is Net::Pcap, but it only supports passive monitoring and does not affect the TCP/IP stack.
Is there such a module? Could someone provide an example/reference/documentation?
As far as I know, libpcap allows you to read copies of incoming and outgoing packets, and some implementations allow you to inject a raw packet, but not rewrite a packet. You would basically have to drop the original packet (something libpcap cannot do) and then inject a new one in its place.
Firewall apps that allow you to filter incoming and outgoing packets might be able to do something like this. However, since you're talking about Perl and Win32 your options are probably limited.
I think the right answer is "implement a proxy for this".
If it works in your scenario, try to implement a proxy server. Listen on the same port as your target service does and read all incoming traffic. If you need to modify a packet, do it and pass all traffic to the target service. Of course you have to implement both directions.
You can search for a basic TCP daemon snippet in Perl, or maybe you can implement just a module for an existing proxy server for your service. Is it HTTP, or what kind of traffic do you need to handle?
I would suggest using Net::Pcap to capture traffic, then the Cygwin port of TCPReplay to modify and replay the traffic. Obviously a Linux setup would be more reliable since TCPreplay would work on it out of the box without requiring cygwin.