Reference: http://tcpreplay.synfin.net/wiki/tcprewrite
tcprewrite is a program that lets you modify the contents of raw packet files created with the tcpdump -w option.
It can rewrite the src IP, dst IP, MAC, port and so on in a packet file, and other fine-grained modifications of the packet file are also possible.
Options
If you want to change the dst IP value in a rawpacket file captured during a DDoS attack...
Current rawpacket
15:29:43.375061 IP 58.22.43.178.16591 > 183.100.240.41.18968: S 140103850:140104710(860) win 128
15:29:43.375113 IP 222.54.130.209.11238 > 183.100.240.41.16044: S 1213429559:1213430419(860) win 128
15:29:43.375162 IP 218.75.100.193.15070 > 183.100.240.41.31680: S 987086282:987087142(860) win 128
15:29:43.375261 IP 222.170.63.73.2280 > 183.100.240.41.26715: S 1920033858:1920034268(410) win 128
15:29:43.375311 IP 61.237.86.95.30105 > 183.100.240.41.31521: S 1205711487:1205712347(860) win 128
15:29:43.375410 IP 218.75.100.195.11662 > 183.100.240.41.28295: S 1526893938:1526894798(860) win 128
15:29:43.375460 IP 222.54.131.224.9912 > 183.100.240.41.27422: S 1634479563:1634480223(660) win 128
.........................................
.........................................
Conversion
tcprewrite -i kt.pcap-20100914-1529 -o ddos.pcap -D 183.100.240.41:218.236.115.222 -C -v
-i : PCAP file to use as input
-o : PCAP file the rewritten packets are saved to / output file
-D --dstipmap : destination IP to change / takes two argument values
the first value is the original address, and the next value is the IP address to change it to
-S --srcipmap : used exactly like dstipmap, to change the source IP
--endpoints : used to change the endpoints on both the source and destination sides
--portmap : changes TCP/UDP ports
--seed : randomly changes the source/destination IP addresses
-C : recalculates the IP/TCP/UDP checksum values
-v : prints detailed information
rawpacket generated after the dst IP conversion
15:29:43.375061 IP 58.22.43.178.16591 > 218.236.115.222.18968: S 140103850:140104710(860) win 128
15:29:43.375113 IP 222.54.130.209.11238 > 218.236.115.222.16044: S 1213429559:1213430419(860) win 128
15:29:43.375162 IP 218.75.100.193.15070 > 218.236.115.222.31680: S 987086282:987087142(860) win 128
15:29:43.375261 IP 222.170.63.73.2280 > 218.236.115.222.26715: S 1920033858:1920034268(410) win 128
15:29:43.375311 IP 61.237.86.95.30105 > 218.236.115.222.31521: S 1205711487:1205712347(860) win 128
15:29:43.375410 IP 218.75.100.195.11662 > 218.236.115.222.28295: S 1526893938:1526894798(860) win 128
15:29:43.375460 IP 222.54.131.224.9912 > 218.236.115.222.27422: S 1634479563:1634480223(660) win 128
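
Why -C belongs next to -D, shown at byte level. This is an added example, not tcprewrite's own code: the function names are hypothetical, and the packet is a constructed SYN modelled on the first capture line (no payload). Changing the dst IP invalidates both the IPv4 header checksum and the TCP checksum, because the TCP pseudo-header includes the destination address.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_checksums(pkt: bytes) -> bytes:
    """Recompute the IPv4 header and TCP checksums of a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr, seg = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    hdr[10:12] = b"\x00\x00"                      # zero the field, then sum
    hdr[10:12] = struct.pack("!H", csum(bytes(hdr)))
    seg[16:18] = b"\x00\x00"
    # TCP pseudo-header: src IP, dst IP, zero, protocol 6, TCP length
    pseudo = bytes(hdr[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    seg[16:18] = struct.pack("!H", csum(pseudo + bytes(seg)))
    return bytes(hdr + seg)

def checksums_ok(pkt: bytes) -> bool:
    """True if both checksums verify (sum including the field folds to 0)."""
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(pkt) - ihl)
    return csum(pkt[:ihl]) == 0 and csum(pseudo + pkt[ihl:]) == 0

def rewrite_dst(pkt: bytes, old: str, new: str, fix: bool = True) -> bytes:
    """Replace dst IP `old` with `new`; packets to other hosts are untouched."""
    if pkt[16:20] != socket.inet_aton(old):
        return pkt
    out = pkt[:16] + socket.inet_aton(new) + pkt[20:]
    return fix_checksums(out) if fix else out

def sample_syn() -> bytes:
    """Constructed 40-byte SYN: 58.22.43.178.16591 > 183.100.240.41.18968."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("58.22.43.178"),
                     socket.inet_aton("183.100.240.41"))
    tcp = struct.pack("!HHIIBBHHH", 16591, 18968, 140103850, 0,
                      0x50, 0x02, 128, 0, 0)
    return fix_checksums(ip + tcp)
```

Calling rewrite_dst with fix=False corresponds to running the command above without -C: the address changes, but a receiving stack or an IDS that validates checksums would reject the packet.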