TCPReplay/TCPRewrite/TCPPrep/TCPDump Cheatsheet


Rewrite IP/MAC addresses (optionally add -C to fix checksums)

  1. Run tcpprep to generate the cache file (first: C2S, second: S2C)
    tcpprep --auto=first --pcap=icmp.pcap --cachefile=icmp_in.cache
  2. Rewrite endpoints to [ping 2->1, reply, 1->2]
    tcprewrite --endpoints= -i out.pcap -o out2.pcap --cachefile=icmp_in.cache
  3. Rewrite MACs too [ping ( -> (, reply: vice-versa]
    tcprewrite --endpoints= --enet-smac=00:01:02:03:04:05,06:07:08:09:10:11 --enet-dmac=06:07:08:09:10:11,00:01:02:03:04:05 -i icmp.pcap -o out2_macs.pcap --cachefile=icmp_in.cache

Rewrite destination and source IPs

tcprewrite --dstipmap= --srcipmap= --infile=out.pcap --outfile=out2.pcap 
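
Why the checksum fix matters when addresses are rewritten, shown as an added Python example (not part of the original cheatsheet and not tcprewrite's own code). The packet and the documentation-range addresses are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_icmp_echo(src: str, dst: str) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus an ICMP echo request."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

def header_ok(packet: bytes) -> bool:
    """A valid IPv4 header checksums to zero when its checksum field is included."""
    ihl = (packet[0] & 0x0F) * 4
    return inet_checksum(packet[:ihl]) == 0

def rewrite_ips(packet: bytes, src: str, dst: str, fix_checksum: bool) -> bytes:
    """Replace source/destination addresses; optionally recompute the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = socket.inet_aton(src)
    hdr[16:20] = socket.inet_aton(dst)
    if fix_checksum:
        hdr[10:12] = b"\x00\x00"  # checksum field must be zero while summing
        hdr[10:12] = struct.pack("!H", inet_checksum(bytes(hdr)))
    # ICMPv4 has no pseudo-header, so its checksum is unaffected here;
    # TCP and UDP checksums cover the addresses and would need fixing too.
    return bytes(hdr) + packet[ihl:]

if __name__ == "__main__":
    pkt = build_ipv4_icmp_echo("192.0.2.1", "192.0.2.2")
    stale = rewrite_ips(pkt, "198.51.100.10", "198.51.100.20", fix_checksum=False)
    fixed = rewrite_ips(pkt, "198.51.100.10", "198.51.100.20", fix_checksum=True)
    print("original valid:", header_ok(pkt))
    print("rewritten, no fix:", header_ok(stale))
    print("rewritten, fixed:", header_ok(fixed))
```

A receiving IP stack drops packets whose header checksum is stale, so a replayed capture with rewritten addresses only exercises the target if the checksums are recomputed.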

Rewrite destination and source MACs

tcprewrite --enet-dmac=00:01:02:03:04:05 --enet-smac=06:07:08:09:10:11 --infile=icmp_ping_noerrors.pcap --outfile=out.pcap


Print a pcap

tcpdump -r file.pcap

Listen on an interface (-e: display Ethernet, -nn: don't resolve hosts, -i: interface, -vvv: verbose, -w: write to a file)

tcpdump -e -nn -vvv -i eth0 -w outfile.pcap