How to send captured packets to a different destination?

linux-networking wireshark tcpdump tshark
23,513

Solution 1

You'll need to use a tool that's capable of replaying pcap files. No special trick to it. An example would tcpreplay. A simple search for "replay pcap file" will turn up even more tools gloriously up to date within the very second that you hit enter in your search engine of choice.

Solution 2

I wanted to capture some SNMP traps and keep them to test my application later. So I don't want to generate traps each time I wanted to test my application. I would like to post how I have done this. Hope this may help someone.

1) Capturing one packet with destination host 192.168.159.149 and port 1620 and saving it to a file

tcpdump -n -c 1 -s 0 dst host 192.168.159.149 and port 1620 -w snmp.pcap -i eth0

2) Reading captured packet 

tcpdump -r snmp.pcap -X

3) Changing destination ip, MAC and checksum

tcprewrite --infile=snmp.pcap --outfile=snmp2.pcap --dstipmap=192.168.159.149:192.168.159.150 --enet-dmac=00:0c:29:d6:0f:61 --fixcsum

4) Replaying 

tcpreplay --intf1=eth0 snmp2.pcap
Share:
23,513

Related videos on Youtube

Lakal Malimage
Author by

Lakal Malimage

Updated on September 18, 2022

Comments

  • Lakal Malimage
    Lakal Malimage over 1 year

    I have some data packets captured using tcpdump in a pcap file. Now I want to send those packets to a another destination. how I can achieve this?

  • Cameron Kerr
    Cameron Kerr about 7 years
    This was great; I wanted to replay some IPFIX data from a production device into Logstash in a development VM. I did find I needed to rewrite the source address as well, otherwise I ended up with martians in the environment I was trying to replay into. (echo 1 > /proc/sys/net/ipv4/conf/enp0s8/log_martians will enable log_martians, which can be a useful troubleshooting tool. Also, if using VirtualBox, ensure you connect via 'Internal Network' and not 'Host Only Networking'. Also worth noting, you must send from a different machine as you capture on, due to limitations in packet injection.
  • Hi-Angel
    Hi-Angel over 4 years
    But how do you do that to nth packet though?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Use Tshark to view json data
What do "Unknown SSAP" and "Unknown DSAP" mean in tcpdump?
TCP Server sends [ACK] followed by [PSH,ACK]
Export raw packet bytes in tshark, tcpdump, or similar?
Parsing large tcpdump files in python
frame contains "\x03\x00\x0e\xa8" display filter in wireshark displays packets not containing these bytes
Parsing pcap taken from wireshark file using - Java
tcpdump read both ipv4 and ipv6 packets from pcap
Capture packets on Asus router
tcpdump - just packet data