是否有用于捕获和回放修改后的 UDP 数据包的 Windows 工具?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/360889/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is there a Windows tool for capture and playback of modified UDP packets?
提问by kshahar
I'm looking for a tool (or a set of tools) for Windows that will perform the following:
我正在寻找一种适用于 Windows 的工具(或一组工具)来执行以下操作:
- Capture UDP packets from a specific network interface to a file.
- Play a stream of packets from a file through a network interface.
- In addition to 2: replay the original packets to a different host than the original one.
- 捕获来自特定网络接口的 UDP 数据包到文件。
- 通过网络接口播放来自文件的数据包流。
- 除了2:将原始数据包重播到与原始主机不同的主机。
I've already got 1 and 2, but I can't find a tool to do 3.
我已经有了 1 和 2,但我找不到做 3 的工具。
For capturing I can use Wireshark, for playback Colasoft Packet Player, but I couldn't find a way to change the host the packets are sent to.
对于捕获,我可以使用Wireshark,用于播放Colasoft Packet Player,但我找不到更改数据包发送到的主机的方法。
The tool should work on Windows XP SP2/3.
该工具应该可以在 Windows XP SP2/3 上运行。
采纳答案by spxl
The BitTwist(http://bittwist.sourceforge.net) editor commandline program (bittwiste) allows you to change the destination IP address (and port number) amongst other things.
该BitTwist(http://bittwist.sourceforge.net)编辑命令行程序,( bittwiste),您可以在其他事之中更改目的地IP地址(和端口号)。
See a similar question (and worked answer) at the Super User site: Replay UDP Packet Capture
在超级用户站点上查看类似的问题(和有效的答案):Replay UDP Packet Capture
回答by Otherside
You mention Colasoft Packet Player and it sounded like a useful tool, so I checked it out. While checking their site I found they also have Packet Builder.
你提到了 Colasoft Packet Player,它听起来像是一个有用的工具,所以我检查了它。在检查他们的网站时,我发现他们也有Packet Builder。
It seems this tool can import pcap files (and some other formats) and edit them. It can then export the edited packets again, but only to Colasoft Capsa Packet files (Colasoft's own capture file format). But that should not be a problem as Packet Player is be able to read their own format.
这个工具似乎可以导入 pcap 文件(和一些其他格式)并编辑它们。然后它可以再次导出编辑过的数据包,但只能导出到 Colasoft Capsa Packet 文件(Colasoft 自己的捕获文件格式)。但这应该不是问题,因为 Packet Player 能够读取它们自己的格式。
Unfortunately it seems there is no way to edit multiple packets at the same time, so it's a tedious process to edit a lot of packets.
不幸的是,似乎无法同时编辑多个数据包,因此编辑大量数据包是一个乏味的过程。
回答by KathyRo
I use a hex editor to do a global search and replace on the PCAP file to change the destination MAC and IP. For Unicast you need to change both - not just the IP.
我使用十六进制编辑器进行全局搜索并替换 PCAP 文件以更改目标 MAC 和 IP。对于单播,您需要同时更改两者 - 不仅仅是 IP。
You could change more than the addresses, but for quick-n-dirty it's OK.
您可以更改的不仅仅是地址,但对于快速n-dirty 来说是可以的。
回答by Bork Blatt
回答by unwind
Bork Blatt mentioned Ethereal, which has been renamed to Wiresharkfor various reasons, so go to the new site directly. I've never tried editing packets in Wireshark, but you do get the option to save out the packets so you can work with the files offline to change the packets. Do get started with this, check out the libpcap file formatdocumentation.
Bork Blatt 提到了 Ethereal,由于种种原因已经更名为Wireshark,所以直接去新站点。我从未尝试过在 Wireshark 中编辑数据包,但您可以选择保存数据包,以便您可以脱机处理文件以更改数据包。开始使用这个,查看libpcap 文件格式文档。
回答by kshahar
I've found out that the tcprewritetool provides editing capabilities to .pcap files. Unfortunately, it does not support Windows.
我发现tcprewrite工具为 .pcap 文件提供了编辑功能。不幸的是,它不支持 Windows。
回答by ashoka vanjare
for visual inspection you can use wire shark tool but you need advanced tool then use wpdpack libraries. It is available in this site.
对于视觉检查,您可以使用线鲨工具,但您需要高级工具,然后使用 wpdpack 库。它可以在这个网站上找到。
https://www.winpcap.org/devel.htm
https://www.winpcap.org/devel.htm
Similar like wire shark you can capture using TestPacketCapture visual studio solution.
与您可以使用 TestPacketCapture 视觉工作室解决方案捕获的线鲨类似。
