How to send captured packets to a different destination?
Solution 1
You'll need to use a tool that's capable of replaying pcap files. No special trick to it. An example would tcpreplay. A simple search for "replay pcap file" will turn up even more tools gloriously up to date within the very second that you hit enter in your search engine of choice.
Solution 2
I wanted to capture some SNMP traps and keep them to test my application later. So I don't want to generate traps each time I wanted to test my application. I would like to post how I have done this. Hope this may help someone.
1) Capturing one packet with destination host 192.168.159.149 and port 1620 and saving it to a file
tcpdump -n -c 1 -s 0 dst host 192.168.159.149 and port 1620 -w snmp.pcap -i eth0
2) Reading captured packet
tcpdump -r snmp.pcap -X
3) Changing destination ip, MAC and checksum
tcprewrite --infile=snmp.pcap --outfile=snmp2.pcap --dstipmap=192.168.159.149:192.168.159.150 --enet-dmac=00:0c:29:d6:0f:61 --fixcsum
4) Replaying
tcpreplay --intf1=eth0 snmp2.pcap
Related videos on Youtube
Lakal Malimage
Updated on September 18, 2022Comments
-
Lakal Malimage over 1 year
I have some data packets captured using tcpdump in a pcap file. Now I want to send those packets to a another destination. how I can achieve this?
-
Cameron Kerr about 7 yearsThis was great; I wanted to replay some IPFIX data from a production device into Logstash in a development VM. I did find I needed to rewrite the source address as well, otherwise I ended up with martians in the environment I was trying to replay into. (
echo 1 > /proc/sys/net/ipv4/conf/enp0s8/log_martians
will enable log_martians, which can be a useful troubleshooting tool. Also, if using VirtualBox, ensure you connect via 'Internal Network' and not 'Host Only Networking'. Also worth noting, you must send from a different machine as you capture on, due to limitations in packet injection. -
Hi-Angel over 4 yearsBut how do you do that to nth packet though?