trex astf pcap
144 views
Skip to first unread message
Максим Богданов
Apr 5, 2023, 12:09:51 PM4/5/23
to TRex Traffic Generator
Hello, friends!
With TREX i'm trying to create a realistic scenario in which i have clean traffic and attack traffic at same time.
I'm using TREX ASTF and a pcap file to simulate attacks
I'm using TREX ASTF and a pcap file to simulate attacks
the problem is that TREX doesn't generate all packets from original pcap file. see attachment below.
In this case attacks are not blocked by DUT
I found workaround - i'm using stf for attack traffic, but i want to find a way to fix that in astf mode
Could you help me with that?
I found workaround - i'm using stf for attack traffic, but i want to find a way to fix that in astf mode
Could you help me with that?
best regards
Максим Богданов
Apr 6, 2023, 4:18:09 AM4/6/23
to TRex Traffic Generator
here is a link to pcap file
среда, 5 апреля 2023 г. в 19:09:51 UTC+3, Максим Богданов:
Besart Dollma
Apr 27, 2023, 2:46:15 AM4/27/23
to TRex Traffic Generator
Hi,
It seems like it is replaying only one flow, but the best way to replay pcap as is, is using STL.
If you really want to use ASTF, you can manually in wireshark separate the flows into a different pcaps with one flow each.
Thanks,
Vijay Ram
May 2, 2023, 1:01:28 PM5/2/23
to Besart Dollma, TRex Traffic Generator
Hi,
I have exactly the same requirement. I have a single PCAP with two flows (one is a clean telnet flow end to end & other is a Malware flow). I just extracted only the Malware flow based on destination port number as above
and imported it in TRex AVL folder. I then used this new PCAP & added in a script file in ASTF. This script file was running traffic end to end but my DuT didn't block the Malware traffic.
In your above snipp, attack traffic flow seems to be correct
Isn't this PCAP with one attack flow suffice? Or should we need both clean & attack flows to be sent together for any FW to detect it as Malware packet?
thx,
Vijayram
--
You received this message because you are subscribed to the Google Groups "TRex Traffic Generator" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trex-tgn+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trex-tgn/f3b44c5e-6bfe-420c-9574-83aa6189740bn%40googlegroups.com.
with regards
Vijayram.P
Vijayram.P
Максим Богданов
Jul 25, 2023, 7:20:20 AM7/25/23
to TRex Traffic Generator
hello
The above problem appears on any pcap file (tried on trex default PCAPs)
seems like when we using ASTFCapInfo Trex establishing sessions in tho way handshake.
The above problem appears on any pcap file (tried on trex default PCAPs)
seems like when we using ASTFCapInfo Trex establishing sessions in tho way handshake.
четверг, 27 апреля 2023 г. в 09:46:15 UTC+3, Besart Dollma:
Reply all
Reply to author
Forward
0 new messages