Any Tools/Libraries for Replaying IP Packets?

Hello!

I have captured the TCP/IP traffic of an application with tcpdump -w, and
now I would like to read in the file to replay the traffic, can you
advise any tools/libraries to do this? (preferably Ruby ones.) I work on
a Linux box, the dump contains both TCP and UDP packets. I want to use
Ruby here because I need to adjust some data of the dump when replaying.

Best regards,

Sven C. Koehler

Sven C. Koehler wrote:

Hello!

I have captured the TCP/IP traffic of an application with tcpdump -w, and
now I would like to read in the file to replay the traffic, can you
advise any tools/libraries to do this? (preferably Ruby ones.) I work on
a Linux box, the dump contains both TCP and UDP packets. I want to use
Ruby here because I need to adjust some data of the dump when replaying.

I guess tcpdump -w writes raw packets, so you will need to send out the
same data as raw packets.

Here are some files to do that. Start with send.rb. Take out the
readline code. Add code to read each packet data as a string, and call
IP.new on it to get a packet, and then call send with the packet. The IP
methods will help with manipulating the packet data (in particular, you
can treat the whole packet as a string). The send-recv.rb file is nice
for debugging. Of course, all have to be run as root.

BTW, these three files are ruby prototypes for a library I am working on
to generate C code (and ruby wrappers) for doing similar things with raw
IP packets and packet options, esp. DSRC wireless options. I'll make it
available in a few weeks, probably.

ip.rb (2.2 KB)

send-recv.rb (1.1 KB)

send.rb (537 Bytes)

This might be of interest:

http://www.goto.info.waseda.ac.jp/~fukusima/ruby/pcap-e.html

But, I'm not sure if you can read a tcpdump file with it.

Regards,

  Michael

Thanks for the code! I will try it out later. Thanks also to the other
advisors.

-S.