tcpreplay
tcpreplay copied to clipboard
Tomahawk like IP mapping
From tomahawk 1.1: Replacing pcap IP Addresses (courtesy ICSA labs)
Changed algorithm for assigning rewritten IP addresses. The new format is X.HID.N.N, where:
- The first byte (X) can be either a constant - provided by the user on the command line - or taken from the first byte of the IP address in the original packet.
- HID is the handler ID. This method allows for 254 consecutive handlers (values 0 and 255 are reserved in the second octet).
- The last 2 octets (N.N) are either chosen at random and guaranteed to be unique within a pcap.
In choosing to keep the first octet the same as that which was in the original pcap, you not only introduce randomness and uniqueness into the address space but also get IP addresses similar to those in the original pcap since the first octet remains the same. Use the -d flag on the command line to activate this behavior.