This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark Packet Forwarding


Will Wireshark enable packet forwarding to a TCP socket instead of a file? (e.g. resend captured packets to ip:port using "some" protocol)?

asked 01 Feb '13, 13:22


ahmediukas


2 Answers:


No. Wireshark always writes captured packets to file. In some cases you can also direct the incoming packets to a pipe IIRC, but that will not resend them anywhere else. You need a packet replay / packet generator tool for that, for example bittwist, tcpreplay or ostinato.

answered 01 Feb '13, 13:58


Jasper ♦♦

Jasper, thx, tcpreplay I need for something else (almost did it myself today, so woohoo :)

(01 Feb '13, 14:39) ahmediukas


No, it won't.

If all you want to do is send raw packets over the wire, Wireshark is overkill. What you might want is, for example, a combination of a program that can capture traffic and write it to a pipe and a program that can read the pipe and send it over the wire, such as tcpdump and netcat.

answered 01 Feb '13, 14:10


Guy Harris ♦♦

Actually I need to get packets into some LEA applications (which can't handle libpcap directly), not putting them back on a wire. Will do for myself, just asked not to make something which will be soon available :)

(01 Feb '13, 14:33) ahmediukas

By "which can't handle libpcap directly" do you mean the applications can't directly capture network traffic (which doesn't have to be done with libpcap - libpcap just sits atop already-existing OS-dependent capture mechanisms on UN*X, and, on Windows, the apps could have their own driver rather than using WinPcap's driver), that they don't understand pcap file format, or both?

If the apps can't handle pcap format, then your biggest problem isn't getting packets written to a socket, it's writing packets in a format that the apps can handle.

(01 Feb '13, 14:40) Guy Harris ♦♦

I have my own dissectors/decoders, I just need raw traffic intercepting. That's why I will reroute them using libpcap, for which I already have a library written.

(01 Feb '13, 15:17) ahmediukas
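
Added example (not part of the original thread): the pipeline from the second answer, e.g. `tcpdump -U -w - | nc host port`, delivers a pcap-format byte stream to the receiver, which is the format question raised in the comments. This Python reader pulls raw frames out of such a stream for an application's own decoders; the function names, the `max_caplen` limit and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct

# pcap magic as it appears on the wire -> (struct byte order, timestamp units per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def read_exact(stream, n):
    """Read exactly n bytes; return b'' on clean EOF, raise if EOF hits mid-field."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))  # a socket stream may return short reads
        if not chunk:
            if buf:
                raise EOFError("stream ended inside a pcap header or frame")
            return b""
        buf += chunk
    return buf

def read_pcap_stream(stream, max_caplen=262144):  # limit is an assumed value
    """Yield (timestamp, linktype, frame_bytes) for each record in a pcap byte stream."""
    header = read_exact(stream, 24)
    if len(header) != 24 or header[:4] not in MAGICS:
        raise ValueError("not a pcap stream")
    order, frac = MAGICS[header[:4]]
    linktype = struct.unpack(order + "HHiIII", header[4:])[5]
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return  # sender closed the connection between records
        sec, sub, caplen, _origlen = struct.unpack(order + "IIII", rec)
        if caplen > max_caplen:  # length is supplied by the peer: bound it before reading
            raise ValueError("captured length %d exceeds limit" % caplen)
        frame = read_exact(stream, caplen)
        if len(frame) != caplen:
            raise EOFError("stream ended before frame data")
        yield sec + sub / frac, linktype, frame

def build_sample():
    """Constructed sample: little-endian pcap stream with two dummy 'Ethernet' frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in [(1, 500000, b"\xaa" * 14), (2, 0, b"\xbb" * 20)]:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

if __name__ == "__main__":
    for ts, linktype, frame in read_pcap_stream(io.BytesIO(build_sample())):
        print(ts, linktype, frame.hex())
```

For a live connection, pass `conn.makefile("rb")` from an accepted socket in place of the `io.BytesIO` object.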