Wireshark-users: Re: [Wireshark-users] Dump forwarding

From: luca paganotti <luca.paganotti@xxxxxxxxx>
Date: Mon, 19 Nov 2018 16:31:16 +0100
Hi all, it seems that tcpreplay-edit does the trick  ...

After issuing the following command line, Wireshark can capture my network UDP flow after the destination address has been rewritten:

sudo tcpreplay-edit -i eth0 -N X.X.X.X/NN:Y.Y.Y.Y,Z.Z.Z.Z/MM:D.D.D.D <my .pcapng file>

where

X.X.X.X is the original source address and NN its netmask
Y.Y.Y.Y is the substitute for X.X.X.X
Z.Z.Z.Z is the original destination address and MM its netmask
and finally

D.D.D.D is an address I own and control that substitutes Z.Z.Z.Z

<my .pcapng file> is my dump file.

With these settings the respective ports are preserved, but they could be changed as well using the -r switch (or so I think it would be possible ...)

Now I have only to write something that reads my packets, or at least I hope so ...

Thank you all for helping me with precious advice.

Have a nice day :-)



------------------------------------------------------------------ sourceforge email:
-- lucapaganotti@xxxxxxxxxxxxxxxxxxxxx
-- skype name: luca.paganotti
http://it.linkedin.com/in/lucapaganotti
-- Mastodon: lucapaganotti@xxxxxxxxxxxxx
-- ---------------------------------------------------------------
-- Mistakes are portals of discovery - JAAJ
--- --------------------------------------------------------------


On Mon, Nov 19, 2018 at 3:58 PM Luc Dandoy <luc.dandoy@xxxxxxxxx> wrote:
Hello


> On 19 Nov 2018, at 15:36, luca paganotti <luca.paganotti@xxxxxxxxx> wrote:
>
> Ok, tcpreplay is useful to get the same packet flow; by the way, I would like to redirect the dumped packets to a specific IP address and port to be able to read and manage this flow. tcpreplay seems to exactly mimic the dumped flow between source and destination address/port dumped in the file. Is there a way to redirect packets where I want them to go?
>

Maybe you can first use tcprewrite (http://tcpreplay.synfin.net/wiki/tcprewrite) to modify the capture (source and destination IP/port).

Then replay the resulting pcap file with tcpreplay.


Regards,

Dandoy Luc
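
What an address rewrite like the -N mapping discussed in this thread has to do to each UDP packet, as an added example (not code from the thread or from tcpreplay): replace the addresses and recompute the IPv4 header checksum and the UDP checksum, which covers a pseudo-header containing both addresses. Assumptions: raw, unfragmented IPv4 packets without a link-layer header or trailing padding, a matching address is replaced by one fixed address, and RULES plus the sample packet are constructed values.

```python
import ipaddress
import struct

# Constructed rules in the spirit of "X.X.X.X/NN:Y.Y.Y.Y,Z.Z.Z.Z/MM:D.D.D.D".
RULES = [("192.0.2.0/24", "10.0.0.1"), ("198.51.100.0/24", "10.0.0.2")]

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_csum(src: bytes, dst: bytes, udp: bytes) -> int:
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
    return csum16(pseudo + udp) or 0xFFFF  # 0 on the wire means "no checksum"

def rewrite(pkt: bytes, rules=RULES) -> bytes:
    """Rewrite src/dst of one IPv4/UDP packet; first matching rule wins."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        return pkt  # not IPv4/UDP: leave untouched
    ihl = (pkt[0] & 0x0F) * 4
    def nat(addr: bytes) -> bytes:
        ip = ipaddress.IPv4Address(addr)
        for cidr, new in rules:
            if ip in ipaddress.IPv4Network(cidr):
                return ipaddress.IPv4Address(new).packed
        return addr
    src, dst = nat(pkt[12:16]), nat(pkt[16:20])
    hdr = bytearray(pkt[:ihl])
    hdr[12:16], hdr[16:20] = src, dst
    hdr[10:12] = b"\x00\x00"            # checksum field is zero while summing
    hdr[10:12] = struct.pack("!H", csum16(bytes(hdr)))
    udp = bytearray(pkt[ihl:])
    if udp[6:8] != b"\x00\x00":         # sender used a checksum: recompute it
        udp[6:8] = b"\x00\x00"
        udp[6:8] = struct.pack("!H", udp_csum(src, dst, bytes(udp)))
    return bytes(hdr + udp)

def build_sample(src="192.0.2.10", dst="198.51.100.20", payload=b"hello") -> bytes:
    """Constructed IPv4/UDP packet (ports 5000 -> 6000) with valid checksums."""
    s, d = (ipaddress.IPv4Address(a).packed for a in (src, dst))
    udp = struct.pack("!HHHH", 5000, 6000, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_csum(s, d, udp)) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0) + s + d
    ip = ip[:10] + struct.pack("!H", csum16(ip)) + ip[12:]
    return ip + udp
```

A receiver's stack verifies both checksums, so a rewrite that changes only the address bytes produces packets that show up in a capture but are dropped before they reach a listening socket.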
