DevNotes

Concise, Handy and Elegant Notes for Developers


Capture Network Packet

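Tcpdump is a very useful tool for capturing network packets.
For example, to capture TCP packets on interface lo0 on port 9999 (without a `tcp` qualifier, the `port 9999` filter also matches UDP traffic on that port):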

sudo tcpdump -i lo0 port 9999 -XX -v

Here we demonstrate sending some UDP packets, capturing them with tcpdump, and playing them back with Tcpreplay.

  1. Send some UDP packets via port 9999
  2. Listen for UDP packets on port 9999
  3. Capture the UDP packets using tcpdump and save the captured packets to a file
  4. Play back the captured packets
  5. Listen for UDP packets to verify

Let’s have more fun! Assuming we have captured some UDP packets using the command below:

sudo tcpdump -i en0 udp port 3333 -XX -v -w li.pcap

Then we use the tcprewrite command to reverse the source and destination.

If we double-check the modified .pcap file, it shows what we want.
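To show what reversing source and destination means at the byte level, here is an added Python example (not the author's script and not tcprewrite itself) that swaps the MAC addresses, IPv4 addresses and UDP ports of every record in a capture. It assumes a little-endian classic pcap with Ethernet framing, a 20-byte IPv4 header and UDP; the 192.0.2.x addresses, MACs and payload are constructed sample values.

```python
import struct

PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; yields 0 over data that already holds a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Constructed sample input: an Ethernet/IPv4/UDP frame with correct checksums."""
    udp_len = 8 + len(payload)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0) + src_ip + dst_ip
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp

def swap_endpoints(frame: bytes) -> bytes:
    """Swap MACs, IPv4 addresses and UDP ports (Ethernet + 20-byte IPv4 header + UDP)."""
    eth = frame[6:12] + frame[0:6] + frame[12:14]
    ip = frame[14:26] + frame[30:34] + frame[26:30]
    udp = frame[36:38] + frame[34:36] + frame[38:]
    # Both checksums are sums of 16-bit words, so reordering words keeps them valid.
    return eth + ip + udp

def rewrite_pcap(pcap: bytes) -> bytes:
    """Copy the global header, then swap endpoints in every packet record."""
    out, pos = pcap[:24], 24
    while pos < len(pcap):
        incl = struct.unpack_from("<I", pcap, pos + 8)[0]  # captured length of this record
        frame = pcap[pos + 16 : pos + 16 + incl]
        out += pcap[pos : pos + 16] + swap_endpoints(frame)
        pos += 16 + incl
    return out

def sample_pcap() -> bytes:
    """Constructed capture: one UDP datagram to port 3333, matching the filter used above."""
    frame = build_udp_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                            bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]), 50000, 3333, b"hello")
    return PCAP_GLOBAL + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(rewrite_pcap(sample_pcap()).hex())
```

Because the swap only reorders 16-bit words that the IPv4 and UDP checksums already cover, the rewritten packets keep valid checksums without recomputation.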

I also wrote a shell script to rewrite the network packets automatically.
