Wireshark-users: Re: [Wireshark-users] Reproducing Server Packets Locally

From: "Andrew Becker" <abecks@xxxxxxxxx>
Date: Sat, 13 Dec 2008 08:07:07 -0800
Thanks Jaap,

I got Bittwist working perfectly, thanks for that URL. I just need to find a way to redirect all the packets sent to the server, to localhost.

I have looked into using so many different apps in the last few hours my head is spinning, all with no successes. I have tried: Editing the packets in real time from WPE (problem is, the program sends out packets as SOON as it launches, and WPE can only filter packets when you specify the EXE and the EXE has to already be running, by that time, its too late).

I have installed WIPFW to try IP prerouting, but the current version of WIPFW doesn't support it, and the documentation isn't complete. (Not the mention the Sourceforge forum doesnt have a search feature - wtf?).

I have looking into rerouting the traffic using my router, but my $100 DLINK router doesn't support it.

I know this is possible in Linux with iptables prerouting, I haven't been able to find a Windows equivalent. I am now trying to find a way to edit the packets in realtime to change the destination IP to my local network IP.

Any suggestions would be greatly appreciated.

Thanks,
Andrew

On Fri, Dec 12, 2008 at 11:50 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

Have you checked out http://wiki.wireshark.org/Tools

Thanx,
Jaap

Andrew Becker wrote:
> Hi there,
>
> I am using Wireshark to monitor the HTTP & TCP connections of a program
> on my computer. My goal is to be able to handle the communication
> between the client and server locally, by getting rid of the server and
> faking the server locally.
>
> I was wondering what programs you would recommend for capturing and
> reproducing the packet communication of a program. Is there any server
> software that will allow me to create a 'fake' server locally, thus
> tricking my client into thinking its communicating with the server, when
> it isn't.
>
>
> Any help would be greatly appreciated.
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe