In Windows OS, there is a program called "Packet Builder" by ColaSoft. This program has a function to retrieve and retransmit packets captured in Wireshark. I am trying to do the same in Kali Linux. How can I do this?
1 Answer
0
low-level: using a bog-normal socket, probably of `AF_PACKET` protocol family to allow you to transmit arbitrary content.

high-level: `tcpreplay` is what I used to do before.

Marcus Müller
- Presumably you meant `PF_PACKET` rather than `AF_SOCKET` (or `PF_SOCKET` - "PF" stands for "protocol family", whereas "AF" stands for "address family", but the AF_ and PF_ values with similar names have the same numeric value). – user16139739 Nov 09 '21 at 04:59
- And note that libpcap has had the `pcap_inject()` and `pcap_sendpacket()` routines to send packets using whatever mechanism the OS on which you're running uses. – user16139739 Nov 09 '21 at 05:01
- But letting `tcpreplay` do the work for you, as suggested by Marcus Müller, is much less work than writing your *own* code to read a pcap file and inject packets. – user16139739 Nov 09 '21 at 05:03
- @user16139739 I meant `AF_PACKET`, actually, thanks! (`PF_PACKET` is news to me, `man 2 socket` says `AF_PACKET` is the right thing) – Marcus Müller Nov 09 '21 at 10:05
- Presumably the Berkeley folks wanted to decouple protocol and address families to allow a protocol family to support multiple address families or to allow multiple protocol families to use the same address family. In practice, that didn't happen, and `PF_xxx` had the same value as `AF_xxx` for all values of "xxx". The POSIX spec doesn't even define any `PF_` values, just `AF_` values, so I guess the `PF_` values are only for backwards source compatibility. – user16139739 Nov 09 '21 at 20:29
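
The low-level route from the answer and comments (read a pcap file, then transmit each frame through an `AF_PACKET` socket), as an added example that is not code from anyone in this thread. It assumes a classic pcap file with Ethernet link type (not pcapng), and the interface name `veth0` and the sample capture are constructed for illustration.

```python
import socket
import struct
import time

# Classic pcap magic -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def read_pcap(data):
    """Parse a classic pcap image into [(timestamp_seconds, frame_bytes)]."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng needs another parser)")
    order, ticks = MAGICS[data[:4]]
    linktype = struct.unpack_from(order + "I", data, 20)[0]
    if linktype != 1:  # LINKTYPE_ETHERNET; other types are not raw Ethernet frames
        raise ValueError(f"unsupported link type {linktype}")
    frames, off = [], 24
    while off + 16 <= len(data):
        sec, frac, incl, orig = struct.unpack_from(order + "4I", data, off)
        off += 16
        if off + incl > len(data):
            raise ValueError("truncated packet record")
        if incl == orig:  # skip frames the capture cut short at snaplen
            frames.append((sec + frac / ticks, data[off:off + incl]))
        off += incl
    return frames

def replay(frames, ifname, keep_timing=True):
    """Send frames unmodified on ifname; Linux only, needs CAP_NET_RAW (root)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))  # protocol 0: transmit only, receive nothing
        prev = None
        for ts, frame in frames:
            if keep_timing and prev is not None:
                time.sleep(max(0.0, ts - prev))  # reproduce the captured gaps
            s.send(frame)  # frame already carries its Ethernet header
            prev = ts

def sample_pcap():
    """Constructed sample: two 60-byte broadcast frames 0.5 s apart, one cut short."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    f1, f2 = (b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01\x88\xb5" + c * 46 for c in (b"A", b"B"))
    rec = lambda s, us, f, orig: struct.pack("<4I", s, us, len(f), orig) + f
    return hdr + rec(1, 0, f1, 60) + rec(1, 500000, f2, 60) + rec(2, 0, f1[:20], 60)

if __name__ == "__main__":
    replay(read_pcap(sample_pcap()), "veth0")  # "veth0" is an assumed lab interface
```

Wireshark saves pcapng by default, so a capture has to be saved in the classic pcap format before `read_pcap()` will accept it.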