Why does tcprewrite report an error when modifying the port in a pcap, and how can it be solved?

I generated a capture file locally with tcpdump:

sudo tcpdump -i lo0 -nn -s0 -v src port 8090 -c 10 -w test.pcap

  ~ tcpdump -r test.pcap
reading from PCAP-NG file test.pcap
12:44:49.420935 IP localhost.8090 > localhost.52238: Flags [P.], seq 1935661700:1935661714, ack 3719210202, win 6379, options [nop,nop,TS val 746872393 ecr 746871394], length 14
12:44:49.420965 IP localhost.8090 > localhost.52238: Flags [P.], seq 0:14, ack 1, win 6379, options [nop,nop,TS val 746872393 ecr 746871394], length 14
12:44:50.426591 IP localhost.8090 > localhost.52238: Flags [P.], seq 14:28, ack 1, win 6379, options [nop,nop,TS val 746873398 ecr 746872393], length 14
...

Now I want to change the destination port 52238 ==> 52286 so that the dump file can be replayed to send data to the current client (52286):

  ~ lsof -i:8090
COMMAND     PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Shadowsoc  1097 zhugw    5u  IPv4 0xe7dccacf94a472b5      0t0  TCP *:8090 (LISTEN)
java      34607 zhugw   40u  IPv6 0xe7dccacfb3a69df5      0t0  TCP localhost:8090 (LISTEN)
java      34607 zhugw   49u  IPv6 0xe7dccacfb3a6a975      0t0  TCP localhost:8090->localhost:52286 (ESTABLISHED)
java      34610 zhugw   45u  IPv6 0xe7dccacfb3a6c635      0t0  TCP localhost:52286->localhost:8090 (ESTABLISHED)

But the following error was reported during the modification:

  ~ tcprewrite --portmap=52238:52286 --infile=test.pcap --outfile=test2.pcap

Fatal Error: From plugins/dlt_null/null.c:dlt_null_encode() line 207:
DLT_NULL and DLT_LOOP plugins do not support packet encoding

I do not know how to solve this problem. Or is there any other way to modify the port?

Jan.20,2022

A solution, but I am not sure if it is the right solution.

The following command modifies the port successfully:

tcprewrite --portmap=52238:52286 --dlt=enet --enet-smac=00:55:22:AF:C6:37 --enet-dmac=00:55:22:AF:C6:37 --infile=test.pcap --outfile=test2.pcap

  ~ tcpdump -r test2.pcap
reading from file test2.pcap, link-type EN10MB (Ethernet)
12:44:49.420935 IP localhost.8090 > localhost.52286: Flags [P.], seq 1935661700:1935661714, ack 3719210202, win 6379, options [nop,nop,TS val 746872393 ecr 746871394], length 14
12:44:49.420965 IP localhost.8090 > localhost.52286: Flags [P.], seq 0:14, ack 1, win 6379, options [nop,nop,TS val 746872393 ecr 746871394], length 14
12:44:50.426591 IP localhost.8090 > localhost.52286: Flags [P.], seq 14:28, ack 1, win 6379, options [nop,nop,TS val 746873398 ecr 746872393], length 14
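
Another way to change the port while keeping the DLT_NULL link type, as an added example that is not part of the original post or of tcpreplay: a Python function that edits the TCP destination port in a loopback capture and recomputes the TCP checksum. It assumes a classic pcap file (the capture above is PCAP-NG and would have to be converted first) carrying IPv4; the names rewrite_dport, tcp_checksum and sample_pcap are made up for this example.

```python
import struct

def tcp_checksum(src, dst, seg):
    """Internet checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg + b"\x00" * (len(seg) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_dport(pcap, old, new):
    """Copy a classic-pcap DLT_NULL capture, changing IPv4/TCP dest port old -> new."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file; convert pcapng first")
    if struct.unpack(end + "I", pcap[20:24])[0] != 0:  # 0 = DLT_NULL
        raise ValueError("link type is not DLT_NULL")
    out, pos = bytearray(pcap[:24]), 24
    while pos + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        pkt = bytearray(pcap[pos + 16:pos + 16 + caplen])
        ip = 4  # the IP header follows the 4-byte loopback address-family word
        if len(pkt) >= ip + 20 and pkt[ip] >> 4 == 4 and pkt[ip + 9] == 6:
            tcp = ip + (pkt[ip] & 0x0F) * 4
            seg_end = ip + struct.unpack("!H", pkt[ip + 2:ip + 4])[0]
            # Only touch packets whose full TCP segment was captured.
            if tcp + 20 <= seg_end <= len(pkt) and pkt[tcp + 2:tcp + 4] == struct.pack("!H", old):
                pkt[tcp + 2:tcp + 4] = struct.pack("!H", new)
                pkt[tcp + 16:tcp + 18] = b"\x00\x00"  # zero checksum before recomputing
                csum = tcp_checksum(bytes(pkt[ip + 12:ip + 16]), bytes(pkt[ip + 16:ip + 20]),
                                    bytes(pkt[tcp:seg_end]))
                pkt[tcp + 16:tcp + 18] = struct.pack("!H", csum)
        out += pcap[pos:pos + 16] + pkt
        pos += 16 + caplen
    return bytes(out)

def sample_pcap():
    """Constructed input: one IPv4/TCP packet 127.0.0.1:8090 -> 127.0.0.1:52238, 14-byte payload."""
    lo = bytes([127, 0, 0, 1])
    seg = bytearray(struct.pack("!HHIIBBHHH", 8090, 52238, 0, 1, 0x50, 0x18, 6379, 0, 0) + b"x" * 14)
    seg[16:18] = struct.pack("!H", tcp_checksum(lo, lo, bytes(seg)))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(seg), 0, 0, 64, 6, 0) + lo + lo
    pkt = struct.pack("<I", 2) + ip + bytes(seg)  # 2 = AF_INET in the loopback header
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 0)  # linktype 0 = DLT_NULL
    return hdr + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    fixed = rewrite_dport(sample_pcap(), 52238, 52286)
    print("dest port now", struct.unpack("!H", fixed[66:68])[0])
```

Packets that are not IPv4/TCP, or whose destination port differs from the old value, are copied through unchanged.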
