search

appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads
1.17k stars 268 forks source link

[Bug] Rewriting Linux Cooked capture layer with --dlt=enet breaks the output PCAP format #790

Closed msi3na closed 1 year ago

msi3na commented 1 year ago

I am trying to rewrite PCAPs with Linux Cooked Capture, the output format is malformed and can't be properly read by wireshark.

Command tcprewrite --dlt=enet -i pcap.pcap -o pcap1.pcap

PCAPs Archive.zip

Tried on both versions below:

-- MAC OS homebrew tcprewrite version: 4.4.3 (build git:v4.4.3) Copyright 2013-2022 by Fred Klassen - AppNeta Copyright 2000-2012 by Aaron Turner The entire Tcpreplay Suite is licensed under the GPLv3 Cache file supported: 04 Compiled against libdnet: 1.14 Compiled against libpcap: 1.10.1 64 bit packet counters: enabled Verbose printing via tcpdump: enabled Fragroute engine: enabled

-- Ubuntu 20.4 LTS tcprewrite version: 4.4.1 (build git:v4.4.1) Copyright 2013-2022 by Fred Klassen - AppNeta Copyright 2000-2012 by Aaron Turner The entire Tcpreplay Suite is licensed under the GPLv3 Cache file supported: 04 Not compiled with libdnet. Compiled against libpcap: 1.9.1 64 bit packet counters: enabled Verbose printing via tcpdump: enabled Fragroute engine: disabled

msi3na commented 1 year ago

image

hoxnox commented 1 year ago

same for me

tcprewrite -i 1.pcap -o 1_.pcap --dlt=enet

1.pcap.gz

fklassen commented 1 year ago

closing as dup of #792