How to replay tcpdump captured packets

Source: Internet
Author: User
Tags socket error
This situation comes up often in development work. When debugging with a colleague, the other side sends a test packet, I capture it with tcpdump -Xlnps0, and the program's result turns out to be wrong. I debug, modify the code, and need to test again, which means asking the colleague to send another packet. If the result is still wrong, the cycle repeats, and the process is slow. A tool that automatically resends what tcpdump captured would solve this.

The problem, concretely: capture a UDP packet with tcpdump -Xlnps0 and use a tool to resend that packet.

A packet captured with tcpdump -Xlnps0 usually looks like this:

10:57:00.095166 IP 10.133.1.147.59278 > 10.128.0.44.10888: UDP, length 162
0x0000: 4500 00be 0000 4000 3b11 286c 0a85 0193 E ...... @; (l ....
0x0010: 0a80 002c e78e 2a88 00aa 4e28 0a00 a200 ...,... *... N (....
0x0020: 0505 0113 c266 0200 0000 0000 0000 ...... f ..........
0x0030: 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0a85 018b 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0000 0000 06ad 509b 009c bc49 ...... P ...... I
0x0060: 6e00 0000 0000 0000 0000 0000 0000 n ...............
0x0070: 0000 0000 0000 13c2 6602 0000 0000 0000 ...... f .......
0x0080: 0000 0000 0000 0000 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0019 ...... X
0x00a0: 00e4 e9fb 0100 0a40 6476 4737 7230 7a78 ...... @ dvG7r0zx
0x00b0: 6300 0000 001c 6b0d aa00 0000 0003 c ...... k .......

A brief analysis: the first line gives the destination IP address, the destination port, and the UDP payload length. The packet data starts on the second line and consists of the IP header (20 bytes), the UDP header (8 bytes), and then the UDP datagram content. The datagram content has to be extracted and placed in a program, and that program then sends the packet.

A shell script does this. Store the tcpdump output in a file named dump, run the script to generate a test.c program, then compile and run it (this last step can also be put in the script).

The script is as follows:

#!/bin/bash
# Input: the file "dump" holds the tcpdump -X text of one UDP packet.
file=dump
# The destination "ip.port" sits between '>' and ':' on the summary line.
addr=`head -1 ${file} | cut -d'>' -f2 | cut -d":" -f1 | tr -d ' '`
# The UDP payload length is the last number on the summary line.
length=`head -1 ${file} | grep -o "\<[0-9]\+\>$"`
ip=`echo ${addr} | awk -F. '{print $1"."$2"."$3"."$4}'`
port=`echo ${addr} | cut -d"." -f5`
# Strip the "0x0000:" offset, keep the 39 hex columns, and split every
# 4-digit group into two bytes, one "0xNN," per line.
tail -n +2 ${file} | sed 's/^[[:space:]]*0x[0-9a-f]*:[[:space:]]*//' | cut -b 1-39 | tr ' ' '\n' | sed "/^$/d" | awk '{print "0x"substr($1,1,2)","} (length($1)>2){print "0x"substr($1,3,2)","}' > tmp
# Skip the first 28 bytes: the 20-byte IP header and the 8-byte UDP header.
content=`tail -n +29 tmp`
if [ -e test.c ]
then
	rm test.c
fi
cat head > test.c
echo -e "\tint bytes_to_send=${length};" >> test.c
echo -e "\tchar ip[]=\"${ip}\";" >> test.c
echo -e "\tint port=${port};" >> test.c
echo -e "\tunsigned char dump[]={${content}};" >> test.c
cat tail >> test.c
echo output test.c

The head and tail files are the two halves of an ordinary packet-sending program. The script analyzes the tcpdump output and fills in the matching parameters between them to generate a new sending program.

head:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main(int argc, char **argv)
{

tail:

	/* Destination taken from the summary line of the capture. */
	struct sockaddr_in servaddr;
	memset(&servaddr, 0, sizeof(servaddr));
	servaddr.sin_family = AF_INET;
	servaddr.sin_port = htons((uint16_t)port);
	if (inet_pton(AF_INET, ip, &servaddr.sin_addr) <= 0)
	{
		perror("servaddr error");
		exit(-1);
	}
	int sockfd;
	if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
	{
		perror("socket error");
		exit(-1);
	}
	/* Resend the captured UDP payload. */
	int num = 0;
	if ((num = sendto(sockfd, (void *)dump, bytes_to_send, 0, (struct sockaddr *)&servaddr, sizeof(servaddr))) < 0)
	{
		perror("send error");
		exit(-1);
	}
	printf("send %d bytes\n", num);
	/* Wait for the reply from the program under test. */
	char buf[1024];
	socklen_t len = sizeof(servaddr);
	if ((num = recvfrom(sockfd, (void *)buf, 1024, 0, (struct sockaddr *)&servaddr, &len)) < 0)
	{
		perror("recv error");
		exit(-1);
	}
	printf("recv %d bytes\n", num);
	return 0;
}
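The script skips a fixed 28 bytes (20-byte IP header plus 8-byte UDP header), which gives the wrong payload when the IP header carries options or the captured packet is a fragment. The following C code is an added example, not part of the original article: it decodes tcpdump -X text and locates the payload from the IHL and UDP length fields; the sample capture and the function names parse_dump and udp_payload are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample, not from the page: "ping" sent to 192.0.2.10:9999. */
static const char *SAMPLE =
    "12:00:00.000000 IP 192.0.2.1.40000 > 192.0.2.10.9999: UDP, length 4\n"
    "\t0x0000:  4500 0020 0000 4000 4011 b6c1 c000 0201  E.....@.@.......\n"
    "\t0x0010:  c000 020a 9c40 270f 000c 0000 7069 6e67  .....@'.....ping\n";

/* Decode the hex columns of `tcpdump -X` text into buf; returns bytes read or -1. */
int parse_dump(const char *text, unsigned char *buf, size_t cap)
{
    size_t n = 0;
    const char *p = strchr(text, '\n');            /* skip the summary line */
    while (p && (p = strstr(p, "0x")) && (p = strchr(p, ':'))) {
        for (p++; *p == ' '; p++) ;                /* gap after the offset */
        /* one space separates hex groups; two spaces start the ASCII column */
        while (isxdigit((unsigned char)p[0]) && isxdigit((unsigned char)p[1])) {
            unsigned v;
            if (n == cap || sscanf(p, "%2x", &v) != 1) return -1;
            buf[n++] = (unsigned char)v;
            p += 2;
            if (p[0] == ' ' && p[1] != ' ') p++;
        }
        p = strchr(p, '\n');                       /* drop the ASCII column */
    }
    return (int)n;
}

/* Locate the UDP payload via the IPv4 IHL field; -1 if pkt is not a whole IPv4/UDP datagram. */
int udp_payload(const unsigned char *pkt, int n, int *off)
{
    if (n < 20 || (pkt[0] >> 4) != 4) return -1;             /* not IPv4 */
    int ihl = (pkt[0] & 0x0f) * 4;                           /* header length, 20..60 */
    if (ihl < 20 || n < ihl + 8 || pkt[9] != 17) return -1;  /* truncated or not UDP */
    if ((((pkt[6] << 8) | pkt[7]) & 0x3fff) != 0) return -1; /* IP fragment */
    int ulen = (pkt[ihl + 4] << 8) | pkt[ihl + 5];           /* UDP header + data */
    if (ulen < 8 || ihl + ulen > n) return -1;               /* bad or cut-off length */
    *off = ihl + 8;
    return ulen - 8;
}

int main(void)
{
    unsigned char pkt[2048];
    int off = 0, n = parse_dump(SAMPLE, pkt, sizeof pkt), len = udp_payload(pkt, n, &off);
    printf("captured=%d payload_off=%d payload_len=%d\n", n, off, len);
    return len == 4 ? 0 : 1;
}
```

The returned offset and length can replace the hard-coded skip and the bytes_to_send value when generating test.c.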
