Wireshark mailing list archives

Re: Dump forwarding


From: luca paganotti <luca.paganotti () gmail com>
Date: Mon, 19 Nov 2018 16:31:16 +0100

Hi all, it seems that tcpreplay-edit does the trick  ...

After issuing the following command line, Wireshark can capture my network
UDP flow after the destination address has been rewritten:

sudo tcpreplay-edit -i eth0 -N X.X.X.X/NN:Y.Y.Y.Y,Z.Z.Z.Z/MM:D.D.D.D <my .pcapng file>

where

X.X.X.X is the original source address and NN its netmask
Y.Y.Y.Y is X.X.X.X substitute
Z.Z.Z.Z is the original destination address and MM its netmask
and finally

D.D.D.D is an address I own and control that substitutes Z.Z.Z.Z

<my .pcapng file> is my dump file.

With these settings the respective ports are preserved, but they could be
changed as well using the -r switch (or so I think it would be possible ...)

Now I have only to write something that reads my packets, or at least I
hope so ...

Thank you all for helping me with precious advice.

Have a nice day :-)



----------------------------------------------------------------
-- luca.paganotti () gmail com
-- https://github.com/lucapaganotti
-- sourceforge email:
-- lucapaganotti () users sourceforge net
-- skype name: luca.paganotti
-- http://it.linkedin.com/in/lucapaganotti
-- https://www.facebook.com/luca.paganotti.66
-- Mastodon: lucapaganotti () fosstodon org
-- ---------------------------------------------------------------
-- Mistakes are portals of discovery - JAAJ
--- --------------------------------------------------------------
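
What an address rewrite like the -N mapping above has to do to each packet, as an added example that is not part of the original post and is not tcpreplay's code: a simplified Python model that remaps the addresses of a raw IPv4/UDP packet and recomputes the IP and UDP checksums the change invalidates. The rule list, addresses and function names are constructed for illustration; it assumes unfragmented packets with no link-layer header.

```python
import ipaddress
import struct

# Constructed rules (match network, target network), standing in for the -N pairs.
RULES = [(ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.0.0.0/24")),
         (ipaddress.ip_network("198.51.100.20/32"), ipaddress.ip_network("203.0.113.5/32"))]

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over data with a valid checksum."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length input to a 16-bit boundary
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remap(addr: bytes, rules) -> bytes:
    """First matching rule wins; host bits under the target mask are kept (assumed model)."""
    ip = ipaddress.IPv4Address(addr)
    for match, target in rules:
        if ip in match:
            host = int(ip) & int(target.hostmask)
            return (int(target.network_address) | host).to_bytes(4, "big")
    return addr

def rewrite_udp(pkt: bytes, rules) -> bytes:
    """Rewrite both addresses of an unfragmented IPv4/UDP packet and fix both checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    src, dst = remap(pkt[12:16], rules), remap(pkt[16:20], rules)
    hdr, udp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    hdr[10:12], hdr[12:16], hdr[16:20] = b"\x00\x00", src, dst
    hdr[10:12] = struct.pack("!H", csum(bytes(hdr)))
    if udp[6:8] != b"\x00\x00":  # a zero UDP checksum over IPv4 means "not computed"
        udp[6:8] = b"\x00\x00"
        pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
        udp[6:8] = struct.pack("!H", csum(pseudo + bytes(udp)) or 0xFFFF)
    return bytes(hdr + udp)

def checksums_ok(pkt: bytes) -> bool:
    """True when the IP header and UDP checksums both verify (expects a non-zero UDP checksum)."""
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 17, len(pkt) - ihl)
    return csum(pkt[:ihl]) == 0 and csum(pseudo + pkt[ihl:]) == 0

def sample_packet() -> bytes:
    """Constructed capture record: 192.0.2.10:5000 -> 198.51.100.20:6000, stale checksums."""
    udp = struct.pack("!HHHH", 5000, 6000, 13, 0xBEEF) + b"hello"
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 33, 1, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + udp
```

A rewritten packet whose checksums are left stale is visible in a capture on the wire but is normally discarded by the destination host's stack before any listening socket sees it.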


On Mon, Nov 19, 2018 at 3:58 PM Luc Dandoy <luc.dandoy () gmail com> wrote:

Hello


On 19 Nov 2018, at 15:36, luca paganotti <luca.paganotti () gmail com>
wrote:

Ok, tcpreplay is useful to get the same packets flow, by the way I
would like to redirect the dumped packets to specific IP address and port
to be able to read and manage this flow. tcpreplay seems to exactly mimic
the dumped flow between source and destination address/port dumped in the
file. Is there a way to redirect packets where I want them to go?


Maybe you can use first tcprewrite (
http://tcpreplay.synfin.net/wiki/tcprewrite ), to modify the capture
(source and destination IP/port)

Then replay the resulting pcap file with tcpreplay.


Regards,

Dandoy Luc

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________