Tool 14: Spoof a record
Description:
A record is a capture file. It contains several packets captured
during a sniff. It can also be created by hand. There are 7 formats
for records: pcap (tcpdump compatible), bin (binary, unreadable by
humans but fast) and mixed/mixed_wrap/dump/hexa/hexa_wrap (easy to
read and edit). A record also has an associated DLT (Data Link Type),
indicating at which level a packet start: raw (start at IP header) and
ether (start at Ethernet header) are the 2 most common DLT. Tool 13
displays DLT of each device.
This tool reads packets stored in a record, and send them to the
network.
Parameter --file indicates the record filename.
Parameter --dlt defines the DLT of packets in record (it depends on
how it was sniffed, generally 'ether' (for Ethernet) or 'raw' (if
packet starts at IP header)). Full list is available through netwag or
running tool 12.
If dlt is not raw, parameter --device indicates the device to use.
If dlt is raw, parameter --spoofip indicates how to send packets.
This tool may need to be run with admin privilege in order to spoof.
Synonyms:
capture, frame, send
Usage:
netwox 14 -f file [-t dlt] [-s|+s] [-k|+k] [-d device] [-i spoofip]
Parameters:
| parameter |
description |
example |
| -f|--file file |
read from record file |
srcfile.txt |
| -t|--dlt dlt |
dlt type of data stored in record |
ether |
| -s|--screen|+s|--no-screen |
display packets before sending them |
|
| -k|--keypress|+k|--no-keypress |
press a key for each packet |
|
| -d|--device device |
device for spoof (if dlt!=raw) |
Eth0 |
| -i|--spoofip spoofip |
ip spoof type (if dlt==raw) |
best |
Examples:
netwox 14 -f "srcfile.txt"
netwox 14 --file "srcfile.txt"