5

Is there a freeware Windows/Linux GUI packet replay tool that has the advanced features of tcpreplay (http://tcpreplay.synfin.net/) or bittwist (http://bittwist.sourceforge.net)? I'm particularly interested in the following features:

  1. Open pcap files for editing and injecting into arbitrary network
  2. Change source and destination addresses/ports of UDP packets
  3. Change packet timing (with millisecond resolution)
  4. Edit packet contents, including modifying its length
  5. Has graphical front end for Windows or Linux (or Mac OS X)

I've scanned a couple lists of potential tools (here and here), but nothing really fits my requirements. The closest tool might be Ostinato (http://code.google.com/p/ostinato/), but it doesn't appear to open packet capture files. Thanks for any help!

tony19
  • 189
  • 2
  • 5

2 Answers2

1

I always use Wireshark (formerly ethereal) for simple decode and analysis. While the price is right (free) and the cross-platform GUI functional, the feature set does not meet your complete list. There is also professional tool ($) from Fluke Networks called ClearSightâ„¢ Analyzer. It will replay multimedia streams, etc from pcap files.

Samuel Dighan
  • 51
  • 2
0

Ettercap might work for you. I have only played around with its basic features, but it will allow you to do packet injection into a packet stream and has a wide range of plug-ins available, some of which might be useful to you.

I don't know of anyway offhand to modify packets "on-the-fly" without already being a part of the tcp stream.

EDIT: Oh I forgot about ettercap filters... filter video tutorial