How to capture tcpdump data to simulate connections from multiple IPs?

 
 
draghuram@gmail.com
      06-19-2006, 02:23 AM
Hi,

This is a generic question about how to capture packets on Linux for
testing purpose. I need to capture packets comprising TCP connections
from multiple IPs to a single host. This is to test my code (in
Verilog). I can capture packets using tcpdump but since I have only two
machines at home, I will only be getting packets from same source
address. I am considering two alternatives:

1) bind different IP addresses to same interface and use each as source
address. I am not sure if I can indeed bind large number of addresses
on Linux to single interface. Can someone tell me if it is possible?

2) follow these steps
a) capture packets corresponding to a single connection from node A
to node B.
b) repeat above step, say, 100 times.
c) Now, I have 100 files, each containing packets for one TCP
connection.
d) Overwrite bytes for source IP address in each file.
e) merge 100 files in some random fashion to simulate concurrent
connections

I would appreciate it if someone can comment on both these approaches
and importantly, if they sound plausible. If there is some other way to
achieve this, please let me know.

Thanks in advance,
Raghu.

 
Tauno Voipio
      06-19-2006, 06:52 AM
(E-Mail Removed) wrote:
> Hi,
>
> This is a generic question about how to capture packets on Linux for
> testing purpose. I need to capture packets comprising TCP connections
> from multiple IPs to a single host. This is to test my code (in
> Verilog). I can capture packets using tcpdump but since I have only two
> machines at home, I will only be getting packets from same source
> address. I am considering two alternatives:
>
> 1) bind different IP addresses to same interface and use each as source
> address. I am not sure if I can indeed bind large number of addresses
> on Linux to single interface. Can someone tell me if it is possible?
>
> 2) follow these steps
> a) capture packets corresponding to a single connection from node A
> to node B.
> b) repeat above step, say, 100 times.
> c) Now, I have 100 files, each containing packets for one TCP
> connection.
> d) Overwrite bytes for source IP address in each file.
> e) merge 100 files in some random fashion to simulate concurrent
> connections
>
> I would appreciate it if someone can comment on both these approaches
> and importantly, if they sound plausible. If there is some other way to
> achieve this, please let me know.
>
> Thanks in advance,
> Raghu.
>


The correct place to capture the data is at the target host.
Do you have root access to it?

If not, you need an Ethernet tapping cable between the target
and the node feeding it, and put an extra computer to record
the data from the tap.

--

Tauno Voipio
tauno voipio (at) iki fi
 
draghuram@gmail.com
      06-19-2006, 03:53 PM
Hi,

I have root access to the target host. The two machines I referred to are my
home systems (one Linux and one Windows).

Thanks,
Raghu.

Tauno Voipio wrote:
> (E-Mail Removed) wrote:
> > Hi,
> >
> > This is a generic question about how to capture packets on Linux for
> > testing purpose. I need to capture packets comprising TCP connections
> > from multiple IPs to a single host. This is to test my code (in
> > Verilog). I can capture packets using tcpdump but since I have only two
> > machines at home, I will only be getting packets from same source
> > address. I am considering two alternatives:
> >
> > 1) bind different IP addresses to same interface and use each as source
> > address. I am not sure if I can indeed bind large number of addresses
> > on Linux to single interface. Can someone tell me if it is possible?
> >
> > 2) follow these steps
> > a) capture packets corresponding to a single connection from node A
> > to node B.
> > b) repeat above step, say, 100 times.
> > c) Now, I have 100 files, each containing packets for one TCP
> > connection.
> > d) Overwrite bytes for source IP address in each file.
> > e) merge 100 files in some random fashion to simulate concurrent
> > connections
> >
> > I would appreciate it if someone can comment on both these approaches
> > and importantly, if they sound plausible. If there is some other way to
> > achieve this, please let me know.
> >
> > Thanks in advance,
> > Raghu.
> >

>
> The correct place to capture the data is at the target host.
> Do you have root access to it?
>
> If not, you need an Ethernet tapping cable between the target
> and the node feeding it, and put an extra computer to record
> the data from the tap.
>
> --
>
> Tauno Voipio
> tauno voipio (at) iki fi


 
Allen McIntosh
      06-24-2006, 01:38 AM
> 1) bind different IP addresses to same interface and use each as source
> address. I am not sure if I can indeed bind large number of addresses
> on Linux to single interface. Can someone tell me if it is possible?


I'm sure you can bind a few on your Linux box without running out of
resources. I don't know about XP - but you could just boot Knoppix or
something. Once you have some data, you can use (2) to expand whatever
you capture. It will require a little more care to get the source and
destination addresses right. I suspect you will need to put them on
different class C networks for anything to work.
>
> 2) follow these steps
> a) capture packets corresponding to a single connection from node A
> to node B.
> b) repeat above step, say, 100 times.
> c) Now, I have 100 files, each containing packets for one TCP
> connection.
> d) Overwrite bytes for source IP address in each file.
> e) merge 100 files in some random fashion to simulate concurrent
> connections


There are some tools that come with ethereal that will help you do this:
- editcap to adjust times
- mergecap to merge together multiple capture files
Off the top of my head I can't think of anything to change the IP
addresses. Check the tool list on the Caida website.
 
Reply With Quote
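Added example, not part of any post in this thread: overwriting the address bytes as in step (d) invalidates both the IPv4 header checksum and the TCP checksum (which covers a pseudo-header containing both addresses), so the rewrite has to recompute them and has to touch the address in both directions of the connection. The Python below does that for one frame; it assumes untagged Ethernet II, unfragmented IPv4/TCP captured at full length, and the function names and the sample SYN are constructed for illustration.

```python
import socket, struct
# Added example: assumes untagged Ethernet II + unfragmented IPv4/TCP; names are illustrative.
def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (ones' complement of the 16-bit sum)."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def tcp_span(f):
    """Return (TCP header offset, TCP segment length) for an Ethernet/IPv4 frame."""
    ihl = (f[14] & 0x0F) * 4
    return 14 + ihl, struct.unpack("!H", f[16:18])[0] - ihl

def fix_checksums(f: bytearray) -> bytes:
    """Recompute the IPv4 header checksum and the TCP checksum."""
    tcp, seg = tcp_span(f)
    f[24:26] = b"\x00\x00"
    f[24:26] = struct.pack("!H", csum(bytes(f[14:tcp])))
    f[tcp + 16:tcp + 18] = b"\x00\x00"
    pseudo = bytes(f[26:34]) + struct.pack("!BBH", 0, 6, seg)  # src, dst, 0, proto, len
    f[tcp + 16:tcp + 18] = struct.pack("!H", csum(pseudo + bytes(f[tcp:tcp + seg])))
    return bytes(f)

def checksums_ok(frame: bytes) -> bool:
    """A valid header or segment sums to zero when its checksum field is included."""
    tcp, seg = tcp_span(frame)
    pseudo = frame[26:34] + struct.pack("!BBH", 0, 6, seg)
    return csum(frame[14:tcp]) == 0 and csum(pseudo + frame[tcp:tcp + seg]) == 0

def rewrite_ip(frame: bytes, old_ip: str, new_ip: str) -> bytes:
    """Step (d): replace old_ip wherever it appears as source or destination."""
    old, new = socket.inet_aton(old_ip), socket.inet_aton(new_ip)
    f = bytearray(frame)
    if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
        return frame                      # too short, or not IPv4/TCP: leave untouched
    tcp, seg = tcp_span(f)
    if len(f) < tcp + seg:
        return frame                      # cut by snaplen: TCP checksum cannot be rebuilt
    for off in (26, 30):                  # IPv4 source and destination fields
        if f[off:off + 4] == old:
            f[off:off + 4] = new
    return fix_checksums(f)

# Constructed sample: one SYN from 192.168.1.10 (node A) to 192.168.1.20 (node B).
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                 socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.20"))
TCP = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x02, 8192, 0, 0)
SYN = fix_checksums(bytearray(bytes(12) + b"\x08\x00" + IP + TCP))
```

Apply `rewrite_ip` to every record of a capture, with the same old and new address for both directions, before combining the files with mergecap.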
 
 
 