Feature?

[deanbushmiller]

No description provided.

[deanbushmiller]

Setting SRC and DST for the pcap in the interface might be helpful instead of pulling from docker image my example "Running on http://172.17.0.2:5000/" My pcap files have 172.17.0.2 as both SRV & DST

[amit-raut]

Thank you for the feature request @deanbushmiller :)

I implemented to have SRC/DST IP to be 10.10.10.1 and 10.10.10.2 respectively here but I removed that because of inconsistent behavior of tcpprep and tcprewrite :(

I created issue for it with appneta/tcpreplay here

I have another thought of doing this which I'll try to implement in next release, but in my opinion this should not be a problem for testing Snort or IDS signatures generated by Re2Pcap

Thank you,
Amit

[amit-raut]

Thank you for the recommendation. 🙂

With c74eac7 I implemented following

SRC IP: 10.10.10.1
DST IP: 172.17.0.2 (Re2Pcap Container's IP Address)

If you need to update the DST IP please use tcprewrite -D [172.17.0.2/32]:[<Required IP/CIDR>] -i in.pcap -o out.pcap as mentioned here or you can use tcpprep or tcprewrite to set endpoints as mentioned here.

I hope this helps.

Thank you,
Amit
Cisco Talos