0

I'm using tcpreplay to generate traffic from the .pcap file for my experiments. More specifically I'm using files from the ISCX-VPN-NONVPN-2016 public dataset.

However, I'm having problems retransmitting encrypted traffic, as they present the L2 Raw packet data fields as shown in the image.

pcap file without L2 headers

The following error is displayed when I try to relay traffic:

~ # tcpreplay -i enp0s25 input.pcap
tcpreplay: flows.c:204: flow_decode: Assertion `l2len > 0' failed.
Aborted (core image recorded)

Is there any way to add ethernet headers in this case to avoid this error?

Leandro Pereira
  • 41
  • 6

1 Answers1

0

I solve the problem using the Tcpreplay 4.4.2-beta. This version has only bug fixes. One of them is heap-buffer-overflow in get_l2len_protocol().

Now it works perfectly.

tcpreplay -i enp0s25 input.pcap 
Actual: 422098 packets (369433883 bytes) sent in 224.07 seconds
Rated: 1648722.3 Bps, 13.18 Mbps, 1883.75 pps
Flows: 922 flows, 4.11 fps, 422098 flow packets, 0 non-flow
Statistics for network device: enp0s25
    Successful packets:        422098
    Failed packets:            0
    Truncated packets:         0
    Retried packets (ENOBUFS): 0
    Retried packets (EAGAIN):  0
Leandro Pereira
  • 41
  • 6