How to send captured packets to a different destination?

Question

I have some data packets captured using tcpdump in a pcap file. Now I want to send those packets to a another destination. how I can achieve this?

score 18 · Answer 1 · answered Dec 19 '15 at 10:31

18

I wanted to capture some SNMP traps and keep them to test my application later. So I don't want to generate traps each time I wanted to test my application. I would like to post how I have done this. Hope this may help someone.

1) Capturing one packet with destination host 192.168.159.149 and port 1620 and saving it to a file

tcpdump -n -c 1 -s 0 dst host 192.168.159.149 and port 1620 -w snmp.pcap -i eth0

2) Reading captured packet

tcpdump -r snmp.pcap -X

3) Changing destination ip, MAC and checksum

tcprewrite --infile=snmp.pcap --outfile=snmp2.pcap --dstipmap=192.168.159.149:192.168.159.150 --enet-dmac=00:0c:29:d6:0f:61 --fixcsum

4) Replaying

tcpreplay --intf1=eth0 snmp2.pcap

answered Dec 19 '15 at 10:31

Lakal Malimage

486
1
4
10

1

This was great; I wanted to replay some IPFIX data from a production device into Logstash in a development VM. I did find I needed to rewrite the source address as well, otherwise I ended up with martians in the environment I was trying to replay into. (`echo 1 > /proc/sys/net/ipv4/conf/enp0s8/log_martians` will enable log_martians, which can be a useful troubleshooting tool. Also, if using VirtualBox, ensure you connect via 'Internal Network' and not 'Host Only Networking'. Also worth noting, you must send from a different machine as you capture on, due to limitations in packet injection. – Cameron Kerr Apr 23 '17 at 21:06
But how do you do that to nth packet though? – Hi-Angel Dec 22 '19 at 16:59

Wesley · Accepted Answer · 2015-12-19T05:51:10.683

2

You'll need to use a tool that's capable of replaying pcap files. No special trick to it. An example would tcpreplay. A simple search for "replay pcap file" will turn up even more tools gloriously up to date within the very second that you hit enter in your search engine of choice.

edited Dec 19 '15 at 05:51

answered Dec 19 '15 at 05:32

Wesley

32,690
9
82
117

I tried replaying some captured packets using tcpreplay-edit, however my socket application is unable to see the replayed udp packets. is this normal?? How can i overcome this? – experiment unit 1998X May 23 '23 at 08:32
@experimentunit1998X did you find a way to retreive data to your socket program? – Recursive Jun 20 '23 at 22:15

How to send captured packets to a different destination?

2 Answers2