network_stuff:tcpdump

Differences

This shows you the differences between two versions of the page.

network_stuff:tcpdump [2022/07/21 14:45] jotasandokunetwork_stuff:tcpdump [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 5: Line 5:
   tcpdump -ni eth0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K    # 48 files, either every 1800 seconds (=30 minutes) or every 100 MB, -K don't verify checksum   tcpdump -ni eth0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K    # 48 files, either every 1800 seconds (=30 minutes) or every 100 MB, -K don't verify checksum
   tcpdump -nni bond1 -w /var/tmp/trace -W 1 -G 20 -C 100 -K   tcpdump -nni bond1 -w /var/tmp/trace -W 1 -G 20 -C 100 -K
 +  tcpdump -e -r sflow_2022_new.pcap   # to read an existing pcap (remove -e if not interested in ethernet headers)
  
 After capture, transfer example:  After capture, transfer example: 
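Review bot: the added read example "tcpdump -e -r sflow_2022_new.pcap" drops the -n that the capture lines above it carry (-ni, -nni), so reading the file will attempt reverse DNS lookups for the addresses in the trace, which is slow and sends queries about captured addresses from the analysis host. Suggest "tcpdump -nn -e -r sflow_2022_new.pcap" to match the other examples on the page.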
Line 94: Line 95:
  
 ---- ----
- +**LIBCAP RELATED UTILITIES** 
 +\\ 
 +  tcprewrite -C --dlt=enet --enet-smac=3a:85:a1:b3:c3:84 --enet-dmac=c2:54:cb:f2:ee:c8  -i sflow_2022_new.pcap -o rwsflow_2022_new.pcap   # this is needed when the pcap we received is linux cooked (sometimes they miss the dst mac address so we add a dummy one 
 +  tcprewrite -C --dstipmap=192.168.97.255/32:10.100.10.142/32 -i rwsflow_2022_new.pcap -o rwrwsflow_2022_new.pcap 
 +  tcpreplay -i eth0 --loop 0 xxx.pcap    
 +[[https://gist.github.com/niranjan-nagaraju/4532037]]
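Review bot: the new heading reads "LIBCAP RELATED UTILITIES", but tcprewrite and tcpreplay operate on pcap files, so libpcap is presumably what is meant (libcap is the unrelated Linux capabilities library). In the same block, the comment on the first tcprewrite line opens a parenthesis that is never closed, and "tcpreplay -i eth0 --loop 0 xxx.pcap" carries no comment at all: --loop 0 replays the file indefinitely until interrupted, which is worth stating next to the command, together with a note to point it at a lab or isolated interface and not a production eth0. The second tcprewrite line (--dstipmap) and the bare gist link would also benefit from a short description of what they are for.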
network_stuff/tcpdump.1658414721.txt.gz · Last modified: (external edit)