Introduction: Have you ever wanted to test how a system reacts, displays information, or handles attacks by pushing a bunch of PCAP (Packet Capture) files through a router or an Intrusion Detection and Prevention System (IDPS)? In this blog post, we’ll show you an easy and free method to accomplish this.
Step 1: Finding Suitable PCAP Files: To begin, you’ll need some PCAP files for testing. A good starting point is the website Netresec, where you can find a collection of PCAP files for various scenarios.
Step 2: The Main Script: Below is the primary script that will facilitate the process:
#!/bin/bash
echo "Welcome to Thunderdome"
# Glob on */ instead of parsing ls; the subshell keeps a failing script.sh
# from leaving us in the wrong directory for the next iteration.
for d in */; do (cd "$d" && ./script.sh); done
Step 3: The Script to be Executed: This script is called by the main script and performs the PCAP manipulation and replay.
#!/bin/bash
set -e  # stop at the first failing step instead of replaying a half-rewritten file
# Classify each flow's client and server side by port number; the cache is reused by --endpoints
tcpprep --port --pcap=test.pcap --cachefile=in.cache
# Client-side addresses become 10.0.66.100, server-side addresses become 10.0.77.100
tcprewrite --cachefile=in.cache --endpoints 10.0.66.100:10.0.77.100 --infile=test.pcap --outfile=out.pcap
# Source MAC = the interface we send from, destination MAC = the device under test (tcpreplay does no ARP)
tcprewrite --enet-smac=00:50:56:99:96:65 --enet-dmac=00:50:56:99:e8:71 --infile=out.pcap --outfile=out2.pcap
# Preload the file into RAM (-K) and send it once at 6 Mbit/s out of eth0
/usr/bin/tcpreplay -i eth0 -K --mbps 6 --loop 1 out2.pcap
Step 4: Explanation of the Script:
- tcpprep reads test.pcap and writes in.cache, which records for every packet whether it belongs to the client or the server side of its flow. With --port that decision is made from the destination port, using the system services file: a packet sent to a well-known service port is treated as client-to-server traffic.
- The first tcprewrite uses that cache together with --endpoints to rewrite the IP addresses: packets from the client side get source 10.0.66.100 and destination 10.0.77.100, and server-side packets the reverse (first address = client, second = server). Choose addresses the router or IDPS will actually forward or inspect. The result is written to out.pcap.
- The second tcprewrite reads out.pcap and writes out2.pcap with the Ethernet addresses replaced. The source MAC should be the MAC of the interface you send from (eth0 here) and the destination MAC that of the device you want to push the traffic through. This step matters because tcpreplay injects frames exactly as they are in the file and does no ARP; without it the frames still carry the MACs of the network they were captured on and the device will drop them.
- Finally, tcpreplay sends out2.pcap once (--loop 1) from eth0 at 6 Mbit/s (--mbps 6), preloading the file into memory first (-K) so disk reads do not disturb the replay timing.
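The complete procedure from Steps 2 to 4, as an added example that is not part of the original post: both scripts folded into one hardened replay driver. It runs from the directory that holds the per-capture subfolders, validates the addresses before touching the wire, refuses to start when the tcpreplay tools are missing, and works on paths instead of cd/cd .. so a failing rewrite cannot strand the loop in the wrong directory. The interface, IP addresses, MAC addresses and rate default to the values used above and are assumptions to replace for your own lab; DRY_RUN=1 prints the commands instead of executing them so the pipeline can be checked first.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): hardened version of the two
# scripts above. Every setting below is an assumption taken from the post and
# can be overridden from the environment, e.g.
#   IFACE=eth1 DST_MAC=aa:bb:cc:dd:ee:ff DRY_RUN=1 ./replay-all.sh
set -eu

IFACE="${IFACE:-eth0}"                    # interface facing the device under test
CLIENT_IP="${CLIENT_IP:-10.0.66.100}"     # rewritten client-side IP
SERVER_IP="${SERVER_IP:-10.0.77.100}"     # rewritten server-side IP
SRC_MAC="${SRC_MAC:-00:50:56:99:96:65}"   # MAC of IFACE
DST_MAC="${DST_MAC:-00:50:56:99:e8:71}"   # MAC of the router/IDPS interface (no ARP is done)
MBPS="${MBPS:-6}"                         # replay rate in Mbit/s
DRY_RUN="${DRY_RUN:-0}"                   # 1 = print the commands instead of running them

# Dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
}

# Six colon-separated hex octets.
valid_mac() {
  printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Execute a command, or print it on one line when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Rewrite one capture and replay it. Intermediate files land next to the pcap.
replay_pcap() {
  local pcap dir
  pcap="$1"
  dir=$(dirname "$pcap")
  # 1. classify each flow's client/server side by destination port
  run tcpprep --port --pcap="$pcap" --cachefile="$dir/in.cache"
  # 2. client packets become CLIENT_IP -> SERVER_IP, server packets the reverse
  run tcprewrite --cachefile="$dir/in.cache" --endpoints="$CLIENT_IP:$SERVER_IP" \
      --infile="$pcap" --outfile="$dir/out.pcap"
  # 3. layer-2 addresses so the device under test accepts the frames
  run tcprewrite --enet-smac="$SRC_MAC" --enet-dmac="$DST_MAC" \
      --infile="$dir/out.pcap" --outfile="$dir/out2.pcap"
  # 4. preload into RAM (-K) and send once, rate-limited
  run tcpreplay -i "$IFACE" -K --mbps "$MBPS" --loop 1 "$dir/out2.pcap"
}

main() {
  for v in "$CLIENT_IP" "$SERVER_IP"; do
    valid_ipv4 "$v" || { echo "bad IPv4 address: $v" >&2; return 1; }
  done
  for v in "$SRC_MAC" "$DST_MAC"; do
    valid_mac "$v" || { echo "bad MAC address: $v" >&2; return 1; }
  done
  found=0
  for d in */; do
    [ -f "${d}test.pcap" ] || continue   # skip directories without a capture
    if [ "$found" -eq 0 ] && [ "$DRY_RUN" != 1 ]; then
      for t in tcpprep tcprewrite tcpreplay; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
      done
    fi
    found=1
    echo "== ${d%/}" >&2
    replay_pcap "${d}test.pcap"
  done
  [ "$found" -eq 1 ] || echo "no */test.pcap found under $(pwd)" >&2
}

main "$@"
```

Because tcpreplay writes frames to the wire exactly as they are in the file, DST_MAC has to be the real MAC of the interface on the router or IDPS that faces IFACE; if it is wrong the device silently discards everything and the test shows nothing. Run a DRY_RUN=1 pass first, then connect IFACE to an isolated lab segment before running for real.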
Conclusion: Although there might be simpler ways to execute these commands, this method is easy to understand and gets the job done effectively. By following these steps, you can push PCAP files through a router or IDS to observe and evaluate system behavior in response to different scenarios. This method proves particularly useful in network testing and security assessment.
Please ensure you use this technique responsibly and avoid testing on production systems or networks. Happy testing!