When creating the replay.py script, I used the code from these pyrt modules to parse the packets from a given dump file and replay them, that is, send them back to the given layer 2 address, which can be the multicast address for level 1 ISIS routers, the multicast layer 2 address for level 2 ISIS routers, or a unicast address (by default, the original source address becomes the destination address). So basically, what I have done is:
1. read all the packets from the dump file
2. take each packet which matches the filter. There can be multiple filters: the message type (the default message type to be replayed is the CSNP packets, which contain the necessary information to recreate the topology from scratch), the area-id, etc., and other filters can be easily added.
3. send the packet back on a multicast address or to a unicast address
Here is what the help option now shows when I run ./replay.py -h (or --help):
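The selection step from the list above, as an added example (not the code of replay.py or pyrt). It assumes the dump has already been decoded into raw 802.3/LLC frames; the function names and the sample frames are constructed for illustration, and nothing is sent.

```python
import struct

# Type numbers as listed in the script's help output.
LEVEL1_TYPES = {15, 18, 24, 26}   # L1LANHello, L1LSP, L1CSN, L1PSN
LEVEL2_TYPES = {16, 20, 25, 27}   # L2LANHello, L2LSP, L2CSN, L2PSN
ALL_L1_IS = bytes.fromhex("0180c2000014")  # AllL1ISs multicast MAC
ALL_L2_IS = bytes.fromhex("0180c2000015")  # AllL2ISs multicast MAC
ISIS_LLC = b"\xfe\xfe\x03"                 # DSAP, SSAP, control for OSI
ISIS_NLPID = 0x83                          # IS-IS protocol discriminator


def parse_isis_type(frame):
    """Return the IS-IS PDU type of an 802.3/LLC frame, or None."""
    if len(frame) < 14 + 3 + 8:            # MAC header + LLC + common header
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:17] != ISIS_LLC:
        return None                        # Ethernet II or not OSI
    header = frame[17:25]
    if header[0] != ISIS_NLPID:
        return None
    return header[4] & 0x1F                # low 5 bits hold the PDU type


def select_for_replay(frames, wanted=(24,), multicast=False):
    """Return (dst_mac, frame) pairs for frames whose type is in wanted."""
    selected = []
    for frame in frames:
        pdu_type = parse_isis_type(frame)
        if pdu_type not in wanted:
            continue
        dst = frame[6:12]                  # default: original source MAC
        if multicast and pdu_type in LEVEL1_TYPES:
            dst = ALL_L1_IS
        elif multicast and pdu_type in LEVEL2_TYPES:
            dst = ALL_L2_IS
        selected.append((dst, frame))
    return selected


def make_frame(src, pdu_type):
    """Constructed sample frame: common header only, no TLVs."""
    header = bytes([ISIS_NLPID, 33, 1, 0, pdu_type, 1, 0, 0])
    payload = ISIS_LLC + header
    return ALL_L1_IS + src + struct.pack("!H", len(payload)) + payload
```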
gabi@gsoc13:~/isis_tool/isis$ ./replay.py --help
Usage: replay.py [ options ]:
-h|--help : Help
-v|--verbose : Be verbose
-t|--type : ISIS Message type
0: "NULL",
2: "ESH",
4: "ISH",
6: "RD",
15: "L1LANHello",
16: "L2LANHello",
17: "PPHello",
18: "L1LSP",
20: "L2LSP",
24: "L1CSN",
25: "L2CSN",
26: "L1PSN",
27: "L2PSN",
-a|--area-addr : set the area address to which this IS belongs
--device : Set the device to send on the replayed packets
-f|--file : Set file name to parse (def: mrtd.mrtd)
Let's try replaying the CSNP packets found in a dump file.
This is the most basic way the script can be called:
sudo ./replay.py -f mrtd.mrtd.2013-07-31_21.45.16 -t 24
The "-t 24" filter is optional in the case of CSNP packets, since this is the default message type which the script is set to replay.
While the script runs and matches the CSNP packets from the dump file, I separately run tcpdump on the eth0 device (the default one, on which the packets are retransmitted). This is how the results look in Wireshark, when running:
gabi@gsoc13:~$ sudo tcpdump -i eth0 -s 0 -w capture_file isis
Currently, I am working on allowing more filters to be added, and on checking whether the packets read from the dump file came from a remote router or from another local interface.