try tcprewrite
There is a packet re-sending tool, named tcpreplay tried at this article before. And there is a case also to modify the L2/L3 information of those packets. There is a tool to do it, it is tcprewrite. I tried to generate a Lisp script like tcprewrite at this article, but it is harder than I thought. So I tried tcprewrite. Here is an example.
Install tcprewrite
The utility tcprewrite is installed with tcpreplay. On Debian wheezy, apt-get install tcpreplay makes tcprewrite installed.
Change destination MAC address
# tshark -n -V -r Before.pcap | grep -A10 'Ethernet II'
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
Ethernet II, Src: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7), Dst: 00:01:e8:8b:6f:4c (00:01:e8:8b:6f:4c)
Destination: <span class="deco" style="color:#FF0000;">00:01:e8:8b:6f:4c (00:01:e8:8b:6f:4c)</span>
Address: 00:01:e8:8b:6f:4c (00:01:e8:8b:6f:4c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7)
Address: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: ...
#
#
#
# tcprewrite --enet-dmac=00:16:3e:af:0e:38 --infile=Before.pcap --outfile=After.pcap
#
#
#
# tshark -n -V -r After.pcap | grep -A10 'Ethernet II'
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled
Running as user "root" and group "root". This could be dangerous.
Ethernet II, Src: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7), Dst: 00:16:3e:af:0e:38 (00:16:3e:af:0e:38)
Destination: <span class="deco" style="color:#0000FF;">00:16:3e:af:0e:38 (00:16:3e:af:0e:38)</span>
Address: 00:16:3e:af:0e:38 (00:16:3e:af:0e:38)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7)
Address: 98:01:a7:b6:10:a7 (98:01:a7:b6:10:a7)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: ...
#
Change source MAC address
Use --enet-smac option instead of --enet-dmac option.
Others
Should read "man tcprewrite".
