|
Vulnerability Development
mailing list archives
Re: Asterisk ignoring replayed libpcap sessions
From: "Matthew Franz" <mdfranz () gmail com>
Date: Thu, 2 Nov 2006 09:25:56 -0600
Something like this http://tcpreplay.synfin.net/trac/wiki/flowreplay
is what is needed. This didn't compile the last time I tried.
So for TCP protocols I wrote a small script that parses the "follow
TCP c-array" output from Wireshark (which does reassembly at various
levels) and then sends via standard sockets.
- mdf
On 10/31/06, nnp <version5 () gmail com> wrote:
That is true but unfortunately (or fortunately depending on how you
look at it) it works perfectly using python and plain old UDP sockets
just reading the plain text SIP dump from file.
On 10/30/06, Stefano Zanero <s.zanero () securenetwork it> wrote:
> nnp wrote:
> > SIP is carried over UDP.
>
> Yes, that's true, but is it only SIP that you are talking about ? And
> even in that case... it's not so simple.
>
> TCPReplay also replays UDP packets, but if for instance those packets
> contain nonces, identifiers that can be changed from either side, or
> other elements of freshness, you can't expect that a server will react
> correctly to a blind REPLAY of a former session... much in the same way
> this wouldn't fly with TCP based protocols
>
> Stefano
>
--
http://silenthack.co.uk
--
Matthew Franz
http://www.threatmind.net/
 By Date 
By Thread
Current thread:
| 
Intro
