Tcpdump is a very useful tool to capture network packets.
For example, to capture TCP packets on port 9999 from interface lo0:

```
sudo tcpdump -i lo0 -XX -v port 9999
```
Here we demonstrate sending some UDP packets, capturing them with tcpdump, and playing them back with Tcpreplay.
- Send some UDP packets via port 9999
- Listen UDP packets from port 9999
- Capture UDP packet using Tcpdump, save captured packets into a file
- Playback captured packets
- Listen UDP packets to verify
Let’s have more fun! Assuming we have captured some UDP packets using the command below:
```
sudo tcpdump -i en0 -XX -v -w li.pcap udp port 3333
```
Then we use the tcprewrite command to reverse the source and destination.
If we double-check the modified .pcap file, it shows what we want.
I also wrote a shell script to rewrite the network packets automatically.
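To show what reversing source and destination means at the byte level, here is an added Python example; it is not the author's script and not how tcprewrite is implemented. It assumes a classic little-endian pcap file with Ethernet link type and unfragmented IPv4/UDP frames, and the sample capture (addresses, ports, payload) is constructed.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, version major/minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a header whose checksum is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_pcap() -> bytes:
    """Constructed capture: one Ethernet/IPv4/UDP frame, 10.0.0.1:50000 -> 10.0.0.2:3333."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 50000, 3333, 8 + len(payload), 0) + payload  # UDP checksum 0 = unused
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                               bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    struct.pack_into("!H", ip, 10, csum16(bytes(ip)))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst MAC, src MAC, IPv4
    frame = eth + bytes(ip) + udp
    return (GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + RECORD_HDR.pack(0, 0, len(frame), len(frame)) + frame)

def swap(buf: bytearray, a: int, b: int, n: int) -> None:
    """Exchange two equal-length fields in place."""
    buf[a:a + n], buf[b:b + n] = buf[b:b + n], buf[a:a + n]

def reverse_endpoints(pcap: bytes) -> bytes:
    """Swap src/dst MAC, IPv4 address and UDP port in every Ethernet/IPv4/UDP frame."""
    magic, *_, linktype = GLOBAL_HDR.unpack_from(pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    out, off = bytearray(pcap[:GLOBAL_HDR.size]), GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(pcap):
        hdr = pcap[off:off + RECORD_HDR.size]
        incl_len = RECORD_HDR.unpack(hdr)[2]
        frame = bytearray(pcap[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
        l4 = 14 + (frame[14] & 0x0F) * 4 if len(frame) >= 34 else 0  # start of UDP header
        if l4 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4 \
                and frame[23] == 17 and len(frame) >= l4 + 4:
            swap(frame, 0, 6, 6)        # Ethernet dst <-> src
            swap(frame, 26, 30, 4)      # IPv4 src <-> dst
            swap(frame, l4, l4 + 2, 2)  # UDP sport <-> dport
            # No checksum update needed: the one's-complement sum is order-independent.
        out += hdr + frame
    return bytes(out)
```

Because only 16-bit-aligned fields trade places, the IPv4 header checksum (and a UDP checksum, if present) stays valid after the swap.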