Re inject tcpdump capture

**b0bjes** · 11-27-2007

Happy aniversary then

**RobinVossen** · 11-27-2007

Thanks

, I am waitinf for the mrs. atm.
Ill look for you in the meanwhile

**b0bjes** · 12-05-2007

Have you got any script for me ?

**RobinVossen** · 12-05-2007

oh, SORRY I forgot.. =.='
I dont have the PDA with me today.. Ill email myself so ill remember. And its Sinterklaas tonight so I wont have time tonight either..
I am so sorry..

**b0bjes** · 12-05-2007

No problem I still have to work on my WIDS anyway so I can wait a litlle bit longer before testing.

**b0bjes** · 12-10-2007

Got anything ? It's time for me to try and replay some air traffic. If you don't have your script can you tell me briefly what tools and method did you use ?

**RobinVossen** · 12-10-2007

Heh Sorry I did remind myself this time.
But well I am really busy.
I did have a Quick look for you. but back luck..

I guess I better can just tell you what to do and how

I advice you to write a script for it.
Since doing this by hand kills you.
I did use hping but you can use lots of tools for it like scappy.
In order to write the script we first need to look under the hood of the wireshark files.
So, well I did open it with a HEX editor and took a look at the file stucture.
As you might see aswell its Rubbish. There I got lazy. I started Wireshark again and opened the pcap file.. Saved it as txt file and there its great

You get the packages in nearly Cleartext..
So, now you write a tool that reads it and translates it to hping commandline.
I am really glad to help you with this. (If you tryed)
I hope I have time tonight to look for myscript again (since its Quite a long script) but I fear I deleted it during my last reinstall. (since I never used it anyhow you nearly never need the exact same Packages)

Cheers,
Robin

**b0bjes** · 12-10-2007

Ok thank you anyway.
I'm gonna try to write one myself. I'm gonna try my best.

Thanks for your help.

**RobinVossen** · 12-10-2007

Yea, I am really sorry for it.
But Ill offer all the help I can give you to make it up to you

Cheers,
Robin

**b0bjes** · 12-18-2007

Hi, I just want you to know that I successfully adapted scapy to reinject a tcpdump capture exported in a plaintext format.
I still have some trouble but which are inherent to scapy.
Was not that hard actually since there is a function in scapy that allows one to import one packet from a hexdump capture. I only needed to adapt it to go through a whole file.

Thread Tools

Display

Posting Permissions