tcpreplay for windows (using scapy-python)

Running tcpreplay on Windows is a tedious job. As far as I have searched, I could not find any tcpreplay binary that runs on newer Windows versions, or an alternative. We can compile the tcpreplay source code using Cygwin and use it, but will it work on a second machine without Cygwin on it? No. Otherwise we need to use the seven-year-old tcpreplay-win32 code. Remember that many things have changed in the last seven years.

I tried to compile the tcpreplay source code using VS 2010 but failed to compile it; it requires compiling a lot of *nix code. I was forced to find an alternative, and finally I found one using scapy.

To develop a Python script using scapy, we need to install several Python modules and binaries. I used Python 2.6 for all my development. Sometimes I couldn't find the Python modules for the latest versions of Python, so I decided to stick with Python 2.6.

Needed software/modules:
    python-2.6.msi
    dnet-1.12.win32-py2.6.exe
    pcap-1.1-scapy-20090720.win32-py2.6.exe
    py2exe-0.6.9.win32-py2.6.exe
    pyreadline-2.0.win32.exe
    pywin32-214.win32-py2.6.exe
    WinPcap_4_1_3.exe
    scapy-latest.zip

Let's develop a Python script that reads packets from a pcap file and sends them.

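import logging
import sys

# Silence scapy's runtime warnings (set before scapy is imported)
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *

# Capture file to replay
infile = 'file.pcap'

try:
    my_reader = PcapReader(infile)
    # Send each captured frame at layer 2, in capture order
    for p in my_reader:
        sendp(p)
except IOError:
    print "Failed to read %s " % infile
    sys.exit(1)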
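
The script above sends frames back-to-back, whereas tcpreplay by default keeps the capture's inter-packet timing. The following is an added example, not code from the original post, written for current Python 3 rather than the post's 2.6; it reads the pcap timestamps itself and replays with the recorded gaps. The names `read_pcap`, `schedule`, `replay`, `speed` and `max_gap` are made up here, and the default sender assumes an Ethernet capture with scapy and WinPcap installed.

```python
import struct
import time

PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # magic -> byte order

def read_pcap(data):
    """Return (linktype, [(timestamp, frame_bytes), ...]) from pcap file bytes."""
    if len(data) < 24 or data[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic microsecond pcap file")
    e = PCAP_MAGIC[data[:4]]
    linktype = struct.unpack(e + "I", data[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(e + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) < caplen:
            break  # truncated final record: never send a partial frame
        records.append((sec + usec / 1e6, frame))
        off += 16 + caplen
    return linktype, records

def schedule(records, speed=1.0, max_gap=None):
    """Delay before each frame: capture gap / speed, optionally capped."""
    delays, prev = [], None
    for ts, _ in records:
        gap = 0.0 if prev is None else max(0.0, ts - prev) / speed
        delays.append(gap if max_gap is None else min(gap, max_gap))
        prev = ts
    return delays

def replay(data, send=None, sleep=time.sleep, speed=1.0, max_gap=None):
    """Send every frame with its capture spacing; return the number sent."""
    linktype, records = read_pcap(data)
    if send is None:  # default sender: scapy over WinPcap, as in the post
        if linktype != 1:
            raise ValueError("default sender handles Ethernet captures only")
        from scapy.all import Ether, sendp
        send = lambda frame: sendp(Ether(frame), verbose=False)
    for delay, (_, frame) in zip(schedule(records, speed, max_gap), records):
        if delay:
            sleep(delay)
        send(frame)
    return len(records)

# Constructed sample: three dummy Ethernet frames at t = 0 s, 0.25 s and 3.25 s
def _rec(sec, usec, frame=b"\xff" * 6 + b"\x02" * 6 + b"\x88\xb5"):
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _rec(100, 0) + _rec(100, 250000) + _rec(103, 250000))
```

Passing `send` and `sleep` as arguments lets the schedule be checked on a machine with no capture driver; `max_gap` keeps long idle periods in a capture from stalling a test run.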

Once you have a working Python replay script, you can convert it into an EXE and use it on a different machine. Remember we don't need to install anything there except WinPcap. I used py2exe to create the EXE file from the Python file. Once you have created the EXE file, you only need to install or copy the WinPcap-related files. Here is the script (createexe.py) that creates the EXE file with py2exe.

from distutils.core import setup
import py2exe

# Build a console EXE from the replay script; exclude the 'packet' DLL from the bundle
setup(console=["tcpreplay_scapy.py"], options={'py2exe': {"dll_excludes": ['packet']}})

Compile this script using this command: "python.exe createexe.py py2exe". Then copy the "dist" folder from the development machine to the test machine. You can either install WinPcap or copy only the necessary files from the WinPcap setup onto the test machine.

If you don't want to install WinPcap, just copy the necessary binaries into these folders.

1. Copy these dll files to either “%windir%/syswow64/” (64-bit machine) or “%windir%/system32/” (32-bit machine) or to the folder where you have your binary:

Packet.dll
pthreadVC.dll
wpcap.dll

2. Copy this sys file to “%windir%/system32/drivers/” folder:

npf.sys

This entry was posted in Pentest, Tools, Windows.

6 Responses to tcpreplay for windows (using scapy-python)

  1. Hao Chuang says:

    Hi, I get some errors after building my script to an EXE:

    WARNING: can’t import layer inet: No module named inet
    WARNING: can’t import layer dhcp: No module named dhcp
    WARNING: can’t import layer dns: No module named dns
    WARNING: can’t import layer dot11: No module named dot11
    WARNING: can’t import layer gprs: No module named gprs
    WARNING: can’t import layer hsrp: No module named hsrp
    WARNING: can’t import layer inet6: No module named inet6
    WARNING: can’t import layer ir: No module named ir
    WARNING: can’t import layer isakmp: No module named isakmp
    WARNING: can’t import layer l2tp: No module named l2tp
    WARNING: can’t import layer mgcp: No module named mgcp
    WARNING: can’t import layer mobileip: No module named mobileip
    WARNING: can’t import layer netbios: No module named netbios
    WARNING: can’t import layer netflow: No module named netflow
    WARNING: can’t import layer ntp: No module named ntp
    WARNING: can’t import layer ppp: No module named ppp
    WARNING: can’t import layer radius: No module named radius
    WARNING: can’t import layer rip: No module named rip
    WARNING: can’t import layer rtp: No module named rtp
    WARNING: can’t import layer sebek: No module named sebek
    WARNING: can’t import layer skinny: No module named skinny
    WARNING: can’t import layer smb: No module named smb
    WARNING: can’t import layer snmp: No module named snmp
    WARNING: can’t import layer tftp: No module named tftp
    WARNING: can’t import layer x509: No module named x509
    WARNING: can’t import layer bluetooth: No module named bluetooth
    WARNING: can’t import layer dhcp6: No module named dhcp6
    WARNING: can’t import layer llmnr: No module named llmnr
    WARNING: can’t import layer sctp: No module named sctp
    WARNING: can’t import layer vrrp: No module named vrrp

    I noticed that the "library.zip" doesn't have those files, so I added them to library.zip manually.
    But I still get those errors.

    Please help me.

  2. sagar says:

    Hi, I also got the same error. Can you clearly explain what you added?
