A 5Greplay command uses the following form:
- command is one of the following:
- option: run `./5greplay command -h` to list the options of each command, for example:

```
./5greplay replay -h
```
This command parses rules in an .xml file, then compiles them into a plugin .so file.
This command has 3 parameters:
- output location: it should end in `.so` or `.c` when generating a binary or C code, respectively
- input xml file containing the rules to be compiled
- `-c` to generate C code, or any string that will be passed to the gcc compilation.
To be able to compile a rule, you should install gcc:
```
sudo apt install gcc
```

```
#to generate .so file
./5greplay compile rules/forward-localhost.so rules/forward-localhost.xml
#to generate code c (for debug)
./5greplay compile rules/forward-localhost.c rules/forward-localhost.xml -c
```
To compile all rules existing in the folder `rules`, use the following command:
This command prints information about the rules encoded in a binary file (.so).
This command has one optional parameter. When it is omitted, all rules inside the `rules` folder are visited.
Otherwise, if it is present and points to a .so rule file, only the rules inside that file are visited.
```
#print information of all available plugins
./5greplay info
#print information of rules encoded in `rules/nas-smc-replay-attack.so`
./5greplay info rules/nas-smc-replay-attack.so
```
This command lists all protocols and their attributes supported by 5Greplay. This command takes no parameters.
This command is available from v0.0.2.
It is used to extract values of a given protocol’s attribute from a pcap file or NIC. This is helpful when we want to see what we have inside packets of a pcap file, for example.
```
./5greplay extract -h
mmt-5greplay: 5Greplay v0.0.2-319c69b using DPI v188.8.131.52 (a8ad3c2) is running on pid 28283
extract [<option>]
Option:
	-t <trace file>: Gives the trace file to analyse.
	-i <interface> : Gives the interface name for live traffic analysis. Either -i or -t can be used but not both.
	-p             : Protocol's name to be extracted. Default: ethernet
	-a             : Attribute's attribute to be extracted. Default: src
	-d             : Index of protocol to extract. For example: ETH.IP.UDP.GTP.IP, if d=3 (or ignored) IP after ETH, d=6 represent IP after GTP. Default: 0
	-r             : ID of protocol stack. Default: 1
	-h             : Prints this help then exit
```
This command can replay
- either real-time traffic by capturing traffic from a given NIC,
- or traffic saved in a pcap file.
```
#Get list of parameters
./5greplay replay -h
./5greplay replay [<options>]
Option:
	-v               : Print version information, then exits.
	-c <config file> : Gives the path to the configuration file (default: ./5greplay.conf).
	-t <trace file>  : Gives the trace file for offline analyse.
	-i <interface>   : Gives the interface name for live traffic analysis.
	-X attr=value    : Override configuration attributes.
	                   For example "-X output.enable=true -Xoutput.output-dir=/tmp/" will enable output to file and change output directory to /tmp.
	                   This parameter can appear several times.
	-x               : Prints list of configuration attributes being able to be used with -X, then exits.
	-h               : Prints this help, then exits.

#Note: you may want to change parameters inside mmt-5greplay.conf
#replay online traffic coming from eth0
sudo ./5greplay replay -i eth0
#replay offline traffic being stored inside a pcap file
sudo ./5greplay replay -t ~/pcap/5G-traffic.pcap
```
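
The compile, info and offline replay commands above chained into one wrapper that checks its inputs before anything runs, as an added example that is not part of the 5Greplay project. `GREPLAY`, `SUDO` and the function name `replay_with_rule` are assumptions of this sketch, and it assumes the rule file sits where your replay configuration loads plugins from.

```sh
#!/bin/sh
# Added example, not 5Greplay's own code. The sub-commands and flags are the
# ones documented on this page; the variables below are assumptions.
GREPLAY=${GREPLAY:-./5greplay}   # assumption: path to the 5greplay binary
SUDO=${SUDO-sudo}                # assumption: set SUDO= when already root

# replay_with_rule <rule.xml> <trace.pcap> [attr=value ...]
replay_with_rule() (
    [ "$#" -ge 2 ] || {
        echo "usage: replay_with_rule rule.xml trace.pcap [attr=value ...]" >&2
        exit 2
    }
    xml=$1 pcap=$2
    shift 2
    case $xml in
        *.xml) so=${xml%.xml}.so ;;   # output ends in .so for a binary plugin
        *) echo "rule file must end in .xml: $xml" >&2; exit 2 ;;
    esac
    [ -r "$pcap" ] || { echo "cannot read trace file: $pcap" >&2; exit 2; }
    # Check every -X override before compiling or replaying anything.
    for kv in "$@"; do
        case $kv in
            ?*=*) ;;
            *) echo "override must be attr=value: $kv" >&2; exit 2 ;;
        esac
    done
    # Compile the rule, then print what the plugin contains.
    "$GREPLAY" compile "$so" "$xml" || exit 1
    "$GREPLAY" info "$so" || exit 1
    # Rewrite the remaining arguments as: -X a=b -X c=d ...
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" -X "$1"
        shift
        n=$((n - 1))
    done
    # Offline replay only: -t reads the pcap, no interface is opened for capture.
    $SUDO "$GREPLAY" replay -t "$pcap" "$@"
)
```

Example call: `replay_with_rule rules/forward-localhost.xml ~/pcap/5G-traffic.pcap output.enable=true`.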