This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Will Wireshark enable packet forwarding to a TCP socket instead of a file? (e.g. resend captured packets to ip:port using "some" protocol)

asked 01 Feb '13, 13:22

ahmediukas


No. Wireshark always writes captured packets to file. In some cases you can also direct the incoming packets to a pipe IIRC, but that will not resend them anywhere else. You need a packet replay / packet generator tool for that, for example bittwist, tcpreplay or ostinato.

answered 01 Feb '13, 13:58

Jasper ♦♦

Jasper thx, tcpreplay I need for something else (almost did it myself today, so woohoo :)

(01 Feb '13, 14:39) ahmediukas

No, it won't.

If all you want to do is send raw packets over the wire, Wireshark is overkill. What you might want is, for example, a combination of a program that can capture traffic and write it to a pipe and a program that can read the pipe and send it over the wire, such as tcpdump and netcat.

answered 01 Feb '13, 14:10

Guy Harris ♦♦

Actually I need to get packets into some LEA applications, (which can't handle libpcap directly), not putting them back on a wire. Will do for myself, just asked not to make something which will be soon available :)

(01 Feb '13, 14:33) ahmediukas

By "which can't handle libpcap directly" do you mean the applications can't directly capture network traffic (which doesn't have to be done with libpcap - libpcap just sits atop already-existing OS-dependent capture mechanisms on UN*X, and, on Windows, the apps could have their own driver rather than using WinPcap's driver), that they don't understand pcap file format, or both?

If the apps can't handle pcap format, then your biggest problem isn't getting packets written to a socket, it's writing packets in a format that the apps can handle.

(01 Feb '13, 14:40) Guy Harris ♦♦

I have my own dissectors/decoders, I just need raw traffic intercepting. That's why I will reroute them using libpcap for which I already have library written.

(01 Feb '13, 15:17) ahmediukas
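
Added example, not part of the original thread: a reader for the classic pcap stream that `tcpdump -w -` writes to a pipe, forwarding each packet to a TCP socket in place of netcat, so the receiver gets raw packets instead of pcap format. The 4-byte length-prefix framing, the 262144-byte sanity cap and all function names are assumptions made for illustration; the receiving application has to agree on the framing.

```python
import socket
import struct
import sys

# Classic pcap magic, read big-endian -> struct byte-order prefix of the file
MAGICS = {0xA1B2C3D4: ">", 0xD4C3B2A1: "<",   # microsecond timestamps
          0xA1B23C4D: ">", 0x4D3CB2A1: "<"}   # nanosecond timestamps
MAX_PACKET = 262144  # assumed sanity cap on one record's captured length

def read_exact(stream, n):
    """Read n bytes, looping over short pipe reads; shorter only at EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def iter_pcap(stream):
    """Yield (linktype, ts_sec, ts_frac, orig_len, data) for each record."""
    hdr = read_exact(stream, 24)
    order = MAGICS.get(struct.unpack(">I", hdr[:4])[0]) if len(hdr) == 24 else None
    if order is None:
        raise ValueError("not a classic pcap stream (pcapng is not handled)")
    linktype = struct.unpack(order + "I", hdr[20:24])[0]
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return  # clean end of capture
        if len(rec) < 16:
            raise EOFError("truncated record header")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "4I", rec)
        if incl_len > MAX_PACKET:
            raise ValueError("implausible record length, stream out of sync")
        data = read_exact(stream, incl_len)
        if len(data) != incl_len:
            raise EOFError("truncated packet data")
        yield linktype, ts_sec, ts_frac, orig_len, data

def forward(stream, sock):
    """Send each packet as a 4-byte big-endian length plus the raw bytes."""
    count = 0
    for count, (*_meta, data) in enumerate(iter_pcap(stream), 1):
        sock.sendall(struct.pack(">I", len(data)) + data)
    return count

if __name__ == "__main__":
    with socket.create_connection((sys.argv[1], int(sys.argv[2]))) as s:
        print(forward(sys.stdin.buffer, s), "packets forwarded", file=sys.stderr)
```

Run it as `tcpdump -i eth0 -U -w - | python3 pcap_forward.py HOST PORT`, where the interface name, script name, host and port are placeholders.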
question asked: 01 Feb '13, 13:22

question was seen: 6,842 times

last updated: 01 Feb '13, 18:25