Is there a Windows tool for capture and playback of modified UDP packets?

Question

I'm looking for a tool (or a set of tools) for Windows that will perform the following:

1. Capture UDP packets from a specific network interface to a file.
2. Play a stream of packets from a file through a network interface.
3. In addition to 2: replay the original packets to a different host than the original one.

I've already got 1 and 2, but I can't find a tool to do 3.

For capturing I can use Wireshark, for playback Colasoft Packet Player, but I couldn't find a way to change the host the packets are sent to.

The tool should work on Windows XP SP2/3.

Answer 1

I've found out that the tcprewrite tool provides editing capabilities to .pcap files. Unfortunately, it only work on Unix-like operating system.

Answer 2

You mention Colasoft Packet Player and it sounded like a useful tool, so I checked it out. While checking their site I found they also have Packet Builder.

It seems this tool can import pcap files (and some other formats) and edit them. It can then export the edited packets again, but only to Colasoft Capsa Packet files (Colasoft's own capture file format). But that should not be a problem as Packet Player is be able to read their own format.

Unfortunately it seems there is no way to edit multiple packets at the same time, so it's a tedious process to edit a lot of packets.

Answer 3

Try out WinPCap which allows very low-level intercept and injection of packets. It is an open source project that many other stateful packet inspection programs (e.g. Ethereal) are based on.

Answer 4

Bork Blatt mentioned Ethereal, which has been renamed to Wireshark for various reasons, so go to the new site directly. I've never tried editing packets in Wireshark, but you do get the option to save out the packets so you can work with the files offline to change the packets. Do get started with this, check out the libpcap file format documentation.