Re: Asterisk ignoring replayed libpcap sessions

["Matthew Franz" <mdfranz () gmail com>]

Something like this http://tcpreplay.synfin.net/trac/wiki/flowreplay
is what is needed. This didn't compile the last time I tried.

So for TCP protocols I wrote a small script that parses the "follow
TCP c-array" output from Wireshark (which does reassembly at various
levels) and then sends via standard sockets.

- mdf

On 10/31/06, nnp <version5 () gmail com> wrote:
> That is true but unfortunately (or fortunately depending on how you
> look at it) it works perfectly using python and plain old UDP sockets
> just reading the plain text SIP dump from file.
>
> On 10/30/06, Stefano Zanero <s.zanero () securenetwork it> wrote:
> > nnp wrote:
> > > SIP is carried over UDP.
> >
> > Yes, that's true, but is it only SIP that you are talking about ? And
> > even in that case... it's not so simple.
> >
> > TCPReplay also replays UDP packets, but if for instance those packets
> > contain nonces, identifiers that can be changed from either side, or
> > other elements of freshness, you can't expect that a server will react
> > correctly to a blind REPLAY of a former session... much in the same way
> > this wouldn't fly with TCP based protocols
> >
> > Stefano
> >
>
>
> --
> http://silenthack.co.uk


--
Matthew Franz
http://www.threatmind.net/