tcp流重放工具 [英] tcp stream replay tool

问题描述

我正在寻找一种工具来记录和重放 TCP 流的一侧以进行测试.我看到了记录整个 TCP 流(服务器和客户端)以测试防火墙等的工具，但我正在寻找的是一个工具，它只记录客户端提交的流量(带有时间信息)然后重新提交它到服务器进行测试.

I'm looking for a tool for recording and replaying one side of a TCP stream for testing. I see tools which record the entire TCP stream (both server and client) for testing firewalls and such, but what I'm looking for is a tool which would record just the traffic submitted by the client (with timing information) and then resubmit it to the server for testing.

推荐答案

由于TCP处理重传的方式，序号，SACK 和窗口化这可能比你想象的更困难.

Due to the way that TCP handles retransmissions, sequence numbers, SACK and windowing this could be a more difficult task than you imagine.

通常人们使用 tcpreplay 进行数据包重放；但是，它不支持同步 TCP 序列号.由于您需要双向 TCP 流(这需要同步 seq 编号)，请使用以下选项之一:

Typically people use tcpreplay for packet replay; however, it doesn't support synchronizing TCP sequence numbers. Since you need to have a bidirectional TCP stream, (and this requires synchronization of seq numbering) use one of the following options:

1. 如果这是一个交互性很强的客户端/服务器协议，你可以使用 scapy 去除流的 TCP 内容，解析时间和交互性.接下来使用此信息，打开一个新的 TCP 套接字到您的服务器并将该数据反序列化到新的 TCP 套接字中.如果遇到 TCP 重传和窗口动态，使用 scapy 解析原始流可能会很棘手.将字节写入新的 TCP 套接字不需要自己处理序列号......操作系统会处理这些.

1. If this is a very interactive client / server protocol, you could use scapy to strip out the TCP contents of your stream, parse for timing and interactivity. Next use this information, open a new TCP socket to your server and deserialize that data into the new TCP socket. Parsing the original stream with scapy could be tricky, if you run into TCP retransmissions and windowing dynamics. Writing the bytes into a new TCP socket will not require dealing with sequence numbering yourself... the OS will take care of that.

如果这是一个简单的流并且您可以不使用计时(或想要手动插入计时信息)，您可以使用 wireshark 从 TCP 流中获取原始字节而无需担心关于使用 scapy 进行解析.获得原始字节后，将这些字节写入新的 TCP 套接字(根据需要考虑交互性).将字节写入新的 TCP 套接字不需要自己处理序列号......操作系统会处理这些.

If this is a simple stream and you could do without timing (or want to insert timing information manually), you can use wireshark to get the raw bytes from a TCP steam without worrying about parsing with scapy. After you have the raw bytes, write these bytes into a new TCP socket (accounting for interactivity as required). Writing the bytes into a new TCP socket will not require dealing with sequence numbering yourself... the OS will take care of that.

如果您的流是严格的文本(但不是 html 或 xml)命令，例如 telnet 会话，则 Expect 类的解决方案可能比上述解析更容易.在此解决方案中，您不会直接从代码打开 TCP 套接字，使用期望 spawn telnet(或其他)会话并使用 send/<重播文本命令代码>期望.您期望的库/底层操作系统将负责序列编号.

If your stream is strictly text (but not html or xml) commands, such as a telnet session, an Expect-like solution could be easier than the aforementioned parsing. In this solution, you would not open a TCP socket directly from your code, using expect to spawn a telnet (or whatever) session and replay the text commands with send / expect. Your expect library / underlying OS would take care of seq numbering.

如果您正在测试 Web 服务，我怀疑通过 Selenium 或 Splinter.您的 http 库/底层操作系统将负责新流中的序列编号.

If you're testing a web service, I suspect it would be much easier to simulate a real web client clicking through links with Selenium or Splinter. Your http library / underlying OS would take care of seq numbering in the new stream.

这篇关于tcp流重放工具的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！