Network UDP logger with replay

I need network logger utility with ability to replay the data it collected, for example, I will record incoming data on UDP port 1234 for 10 minutes, record it to file, then replay that data (with same timing) to some other address:port.

I feel that it should be posted here, since it concerns development开发者_StackOverflow社区, not admin-ing.

EDIT:

It has to run on windows, and it can be standalone process that will listen to UDP port exclusively, so it doesn't have to be 'sniffer'.

You might want to have a look at tcpreplay. It should do what you want to do when used in conjuction with Wireshark or tcpdump.

Answer imported from a similar question on superuser.com (also part of StackExchange): Replay UDP Packet Capture

BitTwist (http://bittwist.sourceforge.net) should be able to do what you want.

With Bit-Twist, you can now regenerate your captured traffic onto a live network! Packets are generated from tcpdump trace file (.pcap file). Bit-Twist also comes with a comprehensive trace file editor to allow you to change the contents of a trace file.

The "trace file editor" part is what you are most interested in here.

I think you need to transform in two passes: one to change the IP addresses, another to change the UDP port numbers. I believe you can do this in either order.

bittwiste -I original.pcap -O changedip.pcap -T ip -s IP1,IP3 -d IP2,IP4
bittwiste -I changedip.pcap -O changedipandport.pcap -T udp -s Port1,Port3 -d Port2,Port4

where you need to stick in the IP addresses and port numbers, eg

bittwiste -I original.pcap -O changedip.pcap -T ip -s 192.168.0.1,10.10.0.3 -d 192.168.0.2,10.10.0.4
bittwiste -I changedip.pcap -O changedipandport.pcap -T udp -s 12345,24680 -d 80,8080

If your original capture file only has the IPs and port numbers of your original machines, you can simplify this by not mentioning the old IPs and port numbers in the edit commands, eg

bittwiste -I original.pcap -O changedip.pcap -T ip -s 10.10.0.3 -d 10.10.0.4
bittwiste -I changedip.pcap -O changedipandport.pcap -T udp -s 24680 -d 8080

to generate packets from 10.10.0.3:24680 to 10.10.0.4:8080.

You should be able to play back the changedipandport.pcap file using Colasoft Packet Player (http://www.colasoft.com/packet_player) or the commandline BitTwist player, eg

bittwist -i 1 changedipandport.pcap

where the "1" here is device 1. Use bittwist -d to list the devices.

There are other nifty options with the BitTwist player that you can't do with the Colasoft Packet Player, notably by changing the speed of the packets sent by a multiplier (eg 5 times original speed or 0.1 times original speed).

I have successfully tested this method using Wireshark (http://www.wireshark.org) to capture OSC data (UDP packets) sent from TouchOSC on an i-device to my laptop (via WiFi) at port 8000, using bittwiste (the editor) to change destination IP address to my wired ethernet adapter address and the UDP port to 8001, then replaying using bittwist (the player) to a Pure Data (http://puredata.info) patch listening on port 8001.

I think you would try to use WireShark.

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.