randpkt is a tool used to generate fuzzed packets for a specific protocol or randomly from a list. While randpkt has a more limited feature set than similar tools, it has only 4 flags and generates packets quickly.
randpktdump is available as an extcap interface if you want tshark to treat this generator as if it were an interface.
The tcp option uses token-ring instead of ethernet at layer 2. To get packets using the eth/ip/tcp stack, use giop, tds, or bgp.
With -b, byte counts will vary wildly up to this byte count ceiling.
In this asciicast, we’ll create a pcap with 100 ethernet-II frames and then read it with tshark.
To get an idea of possible traffic, this capture contains a fuzzed packet of every available type (2019).
If you write to stdout, randpkt writes raw pcap-formatted packet bytes (i.e. output that looks like �M�0Ϻ�ZR�d%sX�˯B). Writing to stdout means you are piping this into another utility like tshark.
# Send 4 ARP frames to tshark
$ randpkt -t arp -c 4 - | tshark -r -
1 0.000000 00:00:32:25:0f:ff → Broadcast ARP 3873 Unknown ARP opcode 0x25dc
2 1.000000 00:00:32:25:0f:ff → Broadcast ARP 3690 Unknown ARP opcode 0xbb97
3 2.000000 00:00:32:25:0f:ff → Broadcast ARP 4618 Unknown ARP opcode 0x8f78
4 3.000000 00:00:32:25:0f:ff → Broadcast ARP 1204 Unknown ARP opcode 0x6c41
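To confirm which layer-2 encapsulation a randpkt type emits (the tcp/token-ring point above) and that packet sizes stay under the -b ceiling, the pcap stream can be inspected directly. This is an added example, not code from the original page or from Wireshark; the function names and the script name in the usage comment are hypothetical, the sample capture is constructed, and the stream is assumed to be classic pcap as the page describes.

```python
import struct

# Link-layer type numbers from the pcap link-type registry.
LINKTYPES = {1: "ethernet", 6: "token-ring"}
# Classic pcap magics (microsecond and nanosecond), mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}


def summarize_pcap(data, ceiling=None):
    """Return link type, packet count and size range for classic pcap bytes.

    Raises ValueError on a bad magic, a truncated record, or a packet
    longer than `ceiling` (the value that was passed to randpkt -b).
    """
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap stream")
    order = MAGICS[data[:4]]
    network = struct.unpack(order + "I", data[20:24])[0]
    sizes, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        # Record header: ts_sec, ts_frac, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(order + "I", data[offset + 8:offset + 12])[0]
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet at offset %d" % offset)
        if ceiling is not None and incl_len > ceiling:
            raise ValueError("packet of %d bytes exceeds ceiling %d" % (incl_len, ceiling))
        sizes.append(incl_len)
        offset += incl_len
    return {"linktype": LINKTYPES.get(network, "linktype %d" % network),
            "packets": len(sizes),
            "min_len": min(sizes, default=0),
            "max_len": max(sizes, default=0)}


def build_sample(network, payloads):
    """Constructed little-endian pcap used as sample input (not randpkt output)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, network)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out


if __name__ == "__main__":
    import sys
    # Usage: randpkt -t tcp -c 100 -b 500 - | python3 pcap_summary.py 500
    limit = int(sys.argv[1]) if len(sys.argv) > 1 else None
    print(summarize_pcap(sys.stdin.buffer.read(), limit))
```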