How to use Packet Replay?
05/06/2020
Description
Packet Replay is a new feature available in SonicOS 6.5 and later.
It supports packet crafting and packet replay: you can generate packets with specific headers and payload on the firewall, or regenerate a set of traffic captured earlier, either on the firewall or externally.
This can be used to re-create intermittent scenarios that are not reproducible in real time and monitor them on the firewall for troubleshooting purposes. It is also helpful for generating certain types of packets and checking the behavior of the firewall or an internal device.
Resolution
You can navigate to Investigate | Packet Replay to use this feature.
There are three different sections under this.
- Single Packet: Craft or replay a single packet with specific headers and payload.
- PCAP file: Upload a PCAP file and replay the PCAP file on selected interfaces.
- Captured Packets: Replayed packets are captured in an individual buffer and presented here similar to the regular captured packets.
Single packet crafting:
EXAMPLE: Sending a DNS packet to Google DNS: 8.8.8.8 from the X0 IP: 192.168.168.168 and checking how the firewall responds to the same.
You can use any receiving interface except for WAN Interfaces. All the fields can be filled as per the scenario we are testing.
The following warning message shows up and lets you know that it can interfere with the existing connections.
You can click OK and check the status of the packets under Investigate | Packet Replay | Captured Packets.
The packets show a status of terminated as this traffic is intended for the Internet and we cannot replay packets between LAN and WAN.
Single Packet Buffer:
- Provide the packet to replay by inputting the hex dump of the packet.
- Hex dump of any packet can be copied from Wireshark and pasted in the Packet Buffer input box.
- Hex dump is a complete packet with an Ethernet header without CRC.
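An added example (not from the original article): a Python script that builds the DNS query from the example above as a complete Ethernet frame without CRC and prints it as hex for the Packet Buffer input box. The MAC addresses, source port, query name and the continuous hex-stream output format are assumptions; `trailing_bytes` is a hypothetical helper for spotting a CRC that was copied along with the packet.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dns_query(name: str, txid: int = 0x1234) -> bytes:
    """DNS query for an A record: header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, payload) -> bytes:
    """Ethernet II + IPv4 + UDP (dst port 53) frame, no trailing CRC."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    udp_len = 8 + len(payload)
    udp = struct.pack("!4H", sport, 53, udp_len, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, udp_len)
    udp_sum = inet_checksum(pseudo + udp) or 0xFFFF  # 0 means "no checksum"
    udp = udp[:6] + struct.pack("!H", udp_sum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    return eth + ip + udp

def trailing_bytes(frame: bytes) -> int:
    """Bytes beyond the IPv4 total length; 4 on an unpadded frame suggests a copied CRC."""
    return len(frame) - 14 - struct.unpack("!H", frame[16:18])[0]

# Constructed sample values: MACs are locally administered placeholders and the
# query name is arbitrary; the two IP addresses are the ones from the example.
FRAME = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                    "192.168.168.168", "8.8.8.8", 50000, dns_query("example.com"))

if __name__ == "__main__":
    print(FRAME.hex())  # continuous hex stream of the whole frame
    print("trailing bytes:", trailing_bytes(FRAME))
```

Frames shorter than 60 bytes are padded on the wire, so a non-zero `trailing_bytes` result on a short captured frame can be padding rather than a CRC.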
Pcap File:
- Replayed packets are provided from a Pcap format file such that packets after IP or MAC filtering are replayed on specified receiving interfaces.
- Any subset of packets within the pcap file can be selected by specifying the IP/MAC address and only these packets would be replayed.
1. To define by IP:
- Navigate to Tools | Packet Replay on the INVESTIGATE view.
- Click Pcap File.
- Select IP in the Type field. Two IP filters are provided.
- For each IP filter complete the following fields:
| Field | Definition |
| --- | --- |
| IP Address | Type in the destination address to be looked up. |
| Receiving Interface | Select the receiving interface from the drop-down menu. The IP packets that have the above-listed destination address are assumed to arrive from the interface selected in this field. |
| New IP Address | If enabled (the box is checked), the new IP address listed in this field replaces the filtered destination IP address when replaying the packets. |
- Click Browse to search for and select a Pcap file to be replayed.
- Click UPLOAD to upload the selected file.
- Click REPLAY to replay the packets in the uploaded Pcap file.
- When done, click DELETE to delete the uploaded file.
2. To define by MAC:
- Navigate to Tools | Packet Replay on the INVESTIGATE view.
- Click Pcap File.
- Select MAC in the Type field. Two MAC filters are provided.
- For each MAC filter complete the following fields:
| Field | Definition |
| --- | --- |
| MAC Address | Type in the destination address to be looked up. |
| Receiving Interface | Select the receiving interface from the drop-down menu. The packets that have the above-listed destination MAC address are assumed to arrive from the interface selected in this field. |
| New IP Address | If enabled (the box is checked), the new IP address listed in this field replaces the filtered destination IP address when replaying the packets. |
- Click Browse to search for and select a Pcap file to be replayed.
- Click UPLOAD to upload the selected file.
- Click REPLAY to replay the packets in the uploaded Pcap file.
- When done, click DELETE to delete the uploaded file.
Captured replayed packets are displayed under the Captured Packets option. Navigate to Tools | Packet Replay on the INVESTIGATE view and click Captured Packets.
You have options to clear, refresh, and export the captured replayed packets. The fields here are the same as the packet monitor fields. You can also view the packet detail and hex dump, as in the packet monitor section.