Skip to content

Instantly share code, notes, and snippets.

@bugcy013

bugcy013/tcpdump_tcpreplay.org

Forked from niranjan-nagaraju/tcpdump_tcpreplay.org
Created July 12, 2014 19:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bugcy013/c0f252a7f9c7bc362ed9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bugcy013/c0f252a7f9c7bc362ed9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tcpdump_tcpreplay.org

TCPReplay/TCPRewrite/TCPPrep/TCPDump Cheatsheet

tcprewrite

Rewrite IP/Mac addresses, -C optionally to fix checksums

  1. tcpprep, first:C2S, Second S2C, Generate cache file tcpprep –auto=first –pcap=icmp.pcap –cachefile=icmp_in.cache
  2. Rewrite end points to 172.16.0.1/172.16.0.2 [ping 2->1, reply, 1->2] tcprewrite –endpoints=172.16.0.1:172.16.0.2 -i out.pcap -o out2.pcap –cachefile=icmp_in.cache
  3. Rewrite macs too [ping (172.16.0.2)00:01:02:03:04:05 -> (172.16.0.1)06:07:08:09:10:11, reply: vice-versa] tcprewrite –endpoints=172.16.0.1:172.16.0.2 –enet-smac=00:01:02:03:04:05,06:07:08:09:10:11 –enet-dmac=06:07:08:09:10:11,00:01:02:03:04:05 -i icmp.pcap -o out2_macs.pcap –cachefile=icmp_in.cache

Rewrite Dest and Src IPs

tcprewrite –dstipmap=0.0.0.0/0:172.16.0.2 –srcipmap=0.0.0.0/0:172.16.0.1 –infile=out.pcap –outfile=out2.pcap

Rewrite Dest and source macs

tcprewrite –enet-dmac=00:01:02:03:04:05 –enet-smac=06:07:08:09:10:11 –infile=icmp_ping_noerrors.pcap –outfile=out.pcap

tcpdump

Print a pcap

tcpdump -r file.pcap

Listen to an interface (-e display ethernet, -nn dont resolve hosts, -i interface, -vvv:verbose, -w write to a file)

tpdump -e -nn -vvv -i eth0 -w outfile.pcap

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment