Wireshark capture udp data6/26/2023 ![]() ![]() I have an ip neigh add command which routes accesses to 192.168.50.132 out from ens4f0 to the external hardware the packet is returned unmodified, which is why I need the iptables command to convert the dst IP address back to the ens4f0 address. This is actually a loopback test: a single frame goes out on ens4f0, is looped back by external hardware, and is returned unmodified to ens4f0. This is the difficult one, but I'm hoping that it's not related. I don't really know whether or not this is working - can I get socat to produce a hex dump of what it is actually seeing on ens4f0? #3 The Wireshark output shows the incoming packet before this conversion, so shows the dst IP address as 192.168.50.132. The incoming frame actually has a dst IP address of 192.168.50.132 the firewall is set to convert this to 192.168.50.129, which is the address the reader is listening on: # iptables -t nat -A PREROUTING -i ens4f0 -j DNAT -to 192.168.50.129 However, I can't do this, as there will eventually be other processes using this interface, so I need to understand what's going on #2 There's some binary output and then the word hello. ![]() If I run the reader as # socat INTERFACE:ens4f0 - then I do get a display of the incoming frame (it's displayed twice, for some reason). There are unfortunately some complications: #1 ![]() Question: how do I display this incoming packet, preferably as the single word hello? I've tried various different UDP-related address formats as well as this one. Problem: I can't get socat or nc to read and display this packet (this isn't entirely true see #1 below). What we can do is simply filter based on udp. The packet payload is the single word 'hello' (sorry, I don't have enough rep to paste the image directly). We have a capture of just a few seconds of data and a whole mixture of applications and protocols. The link is an image of a Wireshark dump of an incoming 60-byte Ethernet frame which contains a UDP packet. ![]()
0 Comments
Leave a Reply. |