5

I am writing a program for analyzing certain type of packets. I got the dump file containing test packets in tcpdump format. is there any way to send this dump into one of the interfaces? I thought tcpdump would be able to do this on its own (unfortunately it isn't). Only thing I managed to do is to look at packets via wireshark (which obviously isn't the way to go).

I could use libpcap function pcap_open_offline(), unfortunately I use pcap_loop() which doesn't seem to work with pcap_open_offline() and rewriting code to pcap_next() would be very painful. Is there any program that could send packets to the interface?

unwind
  • 391,730
  • 64
  • 469
  • 606
Blackie123
  • 1,271
  • 4
  • 16
  • 22

2 Answers2

11

Did you try to take a look to tcpreplay that is done to :

Replay network traffic stored in pcap files

Cédric Julien
  • 78,516
  • 15
  • 127
  • 132
  • thank you, I wasn't aware of this program and didn't find it by searching. It helped me solve the bug. Thanks! – Blackie123 Dec 07 '11 at 10:08
0

Newer versions of libpcap provide a pcap_inject() function that can be used to write packets back out.

You can see someone's testing program to use pcap_inject() over on UbuntuForums.

sarnold
  • 102,305
  • 22
  • 181
  • 238