Data replacement in stmedit WFP sample.

  • Question

  • Hi all!

    I have a problem with testing the stmedit WFP sample.
    I have configured parameters such as

          EditInline      = 0 (out-of-band)
          StringToFind    = "rainy"
          StringToReplace = "sunny"
          InspectionPort  = 1004
          InspectOutbound = 0

    If <StringToFind> has the same length as <StringToReplace>, everything works fine.
    But if <StringToFind> is longer than <StringToReplace>, TCP re-transmissions are generated.
    If the inbound stream amount is small, there is no re-transmission.
    The larger the inbound stream indicated, the more re-transmissions are generated.
    At last, the connection was reset.

    Here is the Wireshark log.

        No.     Time           Source                Destination           Protocol Length Info
     -----------------------------------------------------------------------------------------------------------------------------------------------------------
          1 0.000000000    192.168.1.14          192.168.1.48          TCP      66     51802 > 1004 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=16 SACK_PERM=1
          2 0.001022000    192.168.1.48          192.168.1.14          TCP      66     1004 > 51802 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=16 SACK_PERM=1
          3 0.001109000    192.168.1.14          192.168.1.48          TCP      54     51802 > 1004 [ACK] Seq=1 Ack=1 Win=524288 Len=0
          4 15.663162000   192.168.1.14          192.168.1.48          TCP      566    51802 > 1004 [PSH, ACK] Seq=1 Ack=1 Win=524288 Len=512
          5 15.663213000   192.168.1.14          192.168.1.48          TCP      1590   51802 > 1004 [PSH, ACK] Seq=513 Ack=1 Win=524288 Len=1536
          6 15.663250000   192.168.1.14          192.168.1.48          TCP      1590   51802 > 1004 [PSH, ACK] Seq=2049 Ack=1 Win=524288 Len=1536
          7 15.663283000   192.168.1.14          192.168.1.48          TCP      1590   51802 > 1004 [PSH, ACK] Seq=3585 Ack=1 Win=524288 Len=1536
          8 15.663318000   192.168.1.14          192.168.1.48          TCP      774    51802 > 1004 [PSH, ACK] Seq=5121 Ack=1 Win=524288 Len=720
          9 15.664350000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=1973 Win=524288 Len=0
         10 15.664377000   192.168.1.14          192.168.1.48          TCP      2974   51802 > 1004 [PSH, ACK] Seq=5841 Ack=1 Win=524288 Len=2920
         11 15.664716000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=3509 Win=524288 Len=0
         12 15.664732000   192.168.1.14          192.168.1.48          TCP      2974   51802 > 1004 [PSH, ACK] Seq=8761 Ack=1 Win=524288 Len=2920
         13 15.665072000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=5045 Win=524288 Len=0
         14 15.665072000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=5841 Win=523488 Len=0
         15 15.665091000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=11681 Ack=1 Win=524288 Len=5840
         16 15.665988000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=8761 Win=524288 Len=0
         17 15.665988000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=11681 Win=524288 Len=0
         18 15.666009000   192.168.1.14          192.168.1.48          TCP      11734  51802 > 1004 [PSH, ACK] Seq=17521 Ack=1 Win=524288 Len=11680
         19 15.666681000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=14601 Win=524288 Len=0
         20 15.666682000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=17521 Win=524288 Len=0
         21 15.666707000   192.168.1.14          192.168.1.48          TCP      11734  51802 > 1004 [PSH, ACK] Seq=29201 Ack=1 Win=524288 Len=11680
         22 15.667013000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=20441 Win=524288 Len=0
         23 15.667027000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=40881 Ack=1 Win=524288 Len=5840
         24 15.667346000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=23361 Win=524288 Len=0
         25 15.667359000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=46721 Ack=1 Win=524288 Len=5840
         26 15.667679000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=26281 Win=524288 Len=0
         27 15.667695000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=52561 Ack=1 Win=524288 Len=5840
         28 15.668012000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=29201 Win=524288 Len=0
         29 15.668029000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=58401 Ack=1 Win=524288 Len=5840
         30 15.668344000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=32121 Win=524288 Len=0
         31 15.668358000   192.168.1.14          192.168.1.48          TCP      5894   51802 > 1004 [PSH, ACK] Seq=64241 Ack=1 Win=524288 Len=5840
         32 15.668678000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=35041 Win=524288 Len=0
         33 15.668678000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=37961 Win=524288 Len=0
         34 15.668698000   192.168.1.14          192.168.1.48          TCP      11734  51802 > 1004 [PSH, ACK] Seq=70081 Ack=1 Win=524288 Len=11680
         35 15.671890000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=75921 Win=524288 Len=0
         36 15.671890000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=78841 Win=524288 Len=0
         37 15.671965000   192.168.1.14          192.168.1.48          TCP      49694  51802 > 1004 [PSH, ACK] Seq=81761 Ack=1 Win=524288 Len=49640
         38 15.682716000   192.168.1.48          192.168.1.14          TCP      60     1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0
         39 15.682789000   192.168.1.14          192.168.1.48          TCP      14281  51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=14227
         40 15.984308000   192.168.1.14          192.168.1.48          TCP      1514   [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=1460
         41 15.985275000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#1] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=132861
         42 16.584309000   192.168.1.14          192.168.1.48          TCP      1514   [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=1460
         43 16.585239000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#2] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=132861
         44 17.784336000   192.168.1.14          192.168.1.48          TCP      590    [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=536
         45 17.785042000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#3] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=131937
         46 18.984877000   192.168.1.14          192.168.1.48          TCP      590    [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=536
         47 18.985585000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#4] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=131937
         48 20.185723000   192.168.1.14          192.168.1.48          TCP      1514   [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=1460
         49 20.186649000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#5] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=132861
         50 22.585988000   192.168.1.14          192.168.1.48          TCP      1514   [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=1460
         51 22.586936000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#6] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=132861
         52 27.386826000   192.168.1.14          192.168.1.48          TCP      1514   [TCP Retransmission] 51802 > 1004 [PSH, ACK] Seq=131401 Ack=1 Win=524288 Len=1460
         53 27.387759000   192.168.1.48          192.168.1.14          TCP      66     [TCP Dup ACK 38#7] 1004 > 51802 [ACK] Seq=1 Ack=131401 Win=524288 Len=0 SLE=131401 SRE=132861
         54 36.987729000   192.168.1.14          192.168.1.48          TCP      54     51802 > 1004 [RST, ACK] Seq=132861 Ack=1 Win=0 Len=0

    I want to know how I can increase or decrease the inbound stream.

    Thanks in advance.

    Friday, January 30, 2015 2:08 AM