simulate incoming packets on a network interface in linux

10
votes

If you normally send tcpreplay of a pcap through an interface say eth0 , the packets are outbound, ie will go out through the network card . Is there any way i can make the pcaps inbound so that my system should process it as an inbound packet?

Possible Scenario

I have an application that receives packet from eth0, extract some details from the packet and sends it through eth1. Now the situation is fine if the network is setup and real packets actually flow in to my system. But for testing purposes , i do not have anything connected to my eth0 or eth1 ports , but i still want to create similar kind of traffic from a pcap(probably through a script ) so that i dont have to depend on an external physical network connection for testing the application.

3
linuxnetworkingnetwork-programming
Do you need your packets to hit the iptables INPUT/FORWARD chains just like the "real" traffic does or is it ok to ignore the firewall? Do you just need the dst mac of the packet match the eth0 ones or do you need that the kernel "think" that the packet was received via eth0, i.e. packet's internal structure pointing to the eth0 as originator?Ihor Kaharlichenko
I want the kernel "think" that the packet was received via eth0...ie packet's internal structure pointing to the eth0 as originator...woodstok

3 Answers

7
votes

Replace eth0 with lo

  1. Run your application which receives packets from lo and sends packets to eth1
  2. Run another program (packet generator) which send packets to lo

every packet send to lo will be received by lo again, so your application will receive packets from your packet generator.

if your lo is busy with other packets, you can add more loopback device by kernel argument max_loop=x

5
votes

There are several possible solutions:

  • The quick and dirty solution: Since you have two physical connections, have you considered using a patch cable to connect the two Ethernet ports on your machine? You would then be able to use libpcap to send packets out through eth1 and receive them through eth0. Of course, this solution requires physical access to the machine and you would also lose the ability to use those connections normally.

  • The Right solution: It seems to me that what you are looking for is a way to emulate traffic through a physical network interface. The typical way to do that on Linux (and possibly some other Unix-like systems) is to create a TAP virtual interface. Have a look here for a simple tutorial on TUN/TAP interfaces.

    Unfortunately, tpcreplay does not appear to support TUN/TAP interfaces yet. You might be able to somehow make it work, but I suspect it will be quite awkward.

  • The middle ground: Use a Linux virtual machine on e.g. VirtualBox. I am not sure on the exact network configuration that is needed, but as far as I can tell this should work.

1
votes

Do you want to send AND receive the packets on the same computer but via particular network card/interface?
The only way that I know of how you can do it is to set up a bounce/echo server.