This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there a way to “replay” a packet capture of a smtp session for the purpose of debugging?

0

I'm troubleshooting a smtp issue involving character-set encoding and it's extremely difficult to involve the end user. I have a packet capture of an incoming smtp session that results in problematic behavior but if I try to copy/paste the mime source from wireshark, the issue doesn't occur.

I'm reasonably certain that the difference in my testing is that I'm copying the strings in the packet capture from the Wireshark "follow tcp stream" output and that's not necessarily the bit-for-bit accurate copy of the data as it arrived on the wire.

So my question is this: how can I get an EXACT copy of the bit-for-bit SMTP data and send it again for reproduction purposes? Is there a way to "replay" a transmission?

asked 01 Jun '16, 17:14

thecgmguy's gravatar image

thecgmguy
11112
accept rate: 0%


2 Answers:

0

You might find something in the Wiki that suits your needs.

answered 01 Jun '16, 22:19

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

Yes, there is, look for "tcpreplay". Please note that it is important that you have captured the session establishment phase (SYN, SYN+ACK, ACK) - not for the tool to work but for your SNMP machine to accept the replayed packets.

answered 01 Jun '16, 22:23

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%