I’m trying to understand tcpreplay and what actually happens when a pcap is replayed. I understand it to be stateless, and that if malware is extracted from the pcap then that would be dangerous if executed, but what about C2 traffic or malware traffic? Does the traffic get replayed outside of my internal network? Are the destinations in the pcap actually hit?
Thanks in advance for the help!