{"id":6861,"date":"2020-01-14T16:44:20","date_gmt":"2020-01-14T22:44:20","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=6861"},"modified":"2020-01-16T09:46:21","modified_gmt":"2020-01-16T15:46:21","slug":"replaying-and-redirecting-a-network-capture-from-a-different-network","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/replaying-and-redirecting-a-network-capture-from-a-different-network\/","title":{"rendered":"Replaying and Redirecting a Network Capture from a Different Network"},"content":{"rendered":"

Recently we had a case where the SNMP Trap Monitor<\/a> was truncating text from the received trap.\u00a0 The customer captured some example SNMP Trap packets using Wireshark<\/a>, and then sent us the capture file.\u00a0 Wireshark is an awesome application to look at network traffic and we highly recommend it.<\/span><\/p>\n

\u00a0<\/p>\n

But back to the network capture \u2013 we had to figure out how to replay it, and since it came from a different network, we needed to direct the SNMP Traps to our PA Server Monitor<\/a> server so it could receive and process them.<\/span><\/p>\n

\u00a0<\/p>\n

It turns out the type of software to use is called a network traffic generator.\u00a0 \u00a0After looking at many options we settled on the Ostinato packet generator<\/a>.\u00a0 It has a friendly GUI and lets you change any field in any protocol layer.\u00a0 It is very powerful yet still flexible and easy to use.<\/span><\/p>\n

\u00a0<\/p>\n

In our case, we only needed to redirect a few individual UDP trap packets.\u00a0 \u00a0Before we could load the packet capture, which was in pcapng format (from the Next Generation PCap), we needed to convert it to the older pcap format.\u00a0 Luckily the pcapng.com website has a simple online converter for this.<\/span><\/p>\n

\u00a0<\/p>\n

With our capture file in the correct format, it was time to load it.\u00a0 \u00a0You do that by selecting a network interface, and then going to the Streams tab and right-clicking to load a new stream.\u00a0 \u00a0When we were done, we had 10 SNMP Trap packets loaded (our customer did a nice job of filtering the capture in Wireshark to just the SNMP Trap packets that we needed).<\/span><\/p>\n

\"\"<\/a><\/span><\/p>\n

\u00a0<\/p>\n

Once we had the packets loaded we clicked the gear icon on the first one and went to the Protocol Data tab.\u00a0 \u00a0Here you can change fields for any layer of the protocol stack.\u00a0 In our case we wanted to point the packet to our own server when we replayed it, so we changed the following fields:<\/span><\/p>\n

\u00a0<\/p>\n