Is there a Windows tool for capture and playback of modified UDP packets?
21-08-2019
Question
I'm looking for a tool (or a set of tools) for Windows that will perform the following:
1. Capture UDP packets from a specific network interface to a file.
2. Play a stream of packets from a file through a network interface.
3. In addition to 2: replay the original packets to a different host than the original one.
I've already got 1 and 2, but I can't find a tool to do 3.
For capturing I can use Wireshark, for playback Colasoft Packet Player, but I couldn't find a way to change the host the packets are sent to.
The tool should work on Windows XP SP2/3.
Solution
The BitTwist (http://bittwist.sourceforge.net) editor command-line program (bittwiste) allows you to change the destination IP address (and port number) amongst other things.
See a similar question (and worked answer) at the Super User site: Replay UDP Packet Capture
OTHER TIPS
You mention Colasoft Packet Player and it sounded like a useful tool, so I checked it out. While checking their site I found they also have Packet Builder.
It seems this tool can import pcap files (and some other formats) and edit them. It can then export the edited packets again, but only to Colasoft Capsa Packet files (Colasoft's own capture file format). But that should not be a problem as Packet Player is able to read their own format.
Unfortunately it seems there is no way to edit multiple packets at the same time, so it's a tedious process to edit a lot of packets.
I use a hex editor to do a global search and replace on the PCAP file to change the destination MAC and IP. For Unicast you need to change both - not just the IP.
You could change more than the addresses, but for quick-n-dirty it's OK.
Bork Blatt mentioned Ethereal, which has been renamed to Wireshark for various reasons, so go to the new site directly. I've never tried editing packets in Wireshark, but you do get the option to save out the packets so you can work with the files offline to change the packets. To get started with this, check out the libpcap file format documentation.
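A hex-editor search and replace changes the address bytes but leaves the IPv4 header checksum and the UDP checksum stale, so a receiver may discard the replayed packets. The code below is an added example (not from any poster or from the tools named on this page) that walks the libpcap file format, retargets each Ethernet/IPv4/UDP frame and recomputes both checksums. The function names are illustrative; it assumes a classic pcap file (not pcapng) with Ethernet link type and full-length, unfragmented packets.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum: 16-bit one's-complement sum, inverted."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_frame(frame: bytes, new_mac: bytes, new_ip: str) -> bytes:
    """Retarget one Ethernet/IPv4/UDP frame; other frames pass through unchanged."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return frame
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20:                                  # malformed IPv4 header, leave as-is
        return frame
    ip = bytearray(frame[14:14 + ihl])
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip[16:20] = socket.inet_aton(new_ip)          # destination address
    ip[10:12] = b"\x00\x00"                       # zero, then recompute header checksum
    ip[10:12] = struct.pack("!H", csum(bytes(ip)))
    udp = bytearray(frame[14 + ihl:14 + total_len])
    # A UDP checksum of 0 means "not used"; only refresh a complete, checksummed datagram.
    if len(udp) == total_len - ihl >= 8 and udp[6:8] != b"\x00\x00":
        udp[6:8] = b"\x00\x00"
        pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
        udp[6:8] = struct.pack("!H", csum(pseudo + bytes(udp)) or 0xFFFF)
    return new_mac + frame[6:14] + bytes(ip) + bytes(udp) + frame[14 + total_len:]

def rewrite_pcap(data: bytes, new_mac: bytes, new_ip: str) -> bytes:
    """Walk a classic libpcap file and retarget every record (lengths are unchanged)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    out, pos = [data[:24]], 24                    # 24-byte global header copied as-is
    while pos + 16 <= len(data):
        hdr = data[pos:pos + 16]                  # ts_sec, ts_usec, incl_len, orig_len
        incl = struct.unpack(end + "I", hdr[8:12])[0]
        out.append(hdr + rewrite_frame(data[pos + 16:pos + 16 + incl], new_mac, new_ip))
        pos += 16 + incl
    return b"".join(out)
```

Read the capture as bytes, pass it to rewrite_pcap with the 6-byte MAC and dotted-quad IP of the new receiver, and write the result to a new file for the packet player.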
I've found out that the tcprewrite tool provides editing capabilities to .pcap files. Unfortunately, it does not support Windows.
For visual inspection you can use the Wireshark tool, but if you need an advanced tool then use the WpdPack libraries. It is available at this site:
https://www.winpcap.org/devel.htm
Similar to Wireshark, you can capture using the TestPacketCapture Visual Studio solution.