tcpreplay icon indicating copy to clipboard operation
tcpreplay copied to clipboard

Published 20 hours ago verified publisher icon synfinatic

Tomahawk like IP mapping

Open synfinatic opened this issue 10 years ago • 0 comments

From tomahawk 1.1: Replacing pcap IP Addresses (courtesy ICSA labs)

Changed algorithm for assigning rewritten IP addresses. The new format is X.HID.N.N, where:

  • The first byte (X) can be either a constant - provided by the user on the command line - or taken from the first byte of the IP address in the original packet.
  • HID is the handler ID. This method allows for 254 consecutive handlers (values 0 and 255 are reserved in the second octet).
  • The last 2 octets (N.N) are either chosen at random and guaranteed to be unique within a pcap.

In choosing to keep the first octet the same as that which was in the original pcap, you not only introduce randomness and uniqueness into the address space but also get IP addresses similar to those in the original pcap since the first octet remains the same. Use the -d flag on the command line to activate this behavior.

synfinatic avatar Nov 23 '13 02:11 synfinatic