The link is an image of a Wireshark dump of an incoming 60-byte Ethernet frame which contains a UDP packet. The packet payload is the single word 'hello' (sorry, I don't have enough rep to paste the image directly).
Problem: I can't get socat or nc to read and display this packet (this isn't entirely true; see #1 below).
I run the reader as:
$ socat UDP:192.168.50.129:5000 -
I've tried various different UDP-related address formats as well as this one. The writer is run as:
$ socat READLINE UDP:192.168.50.132:5000
Question: how do I display this incoming packet, preferably as the single wordhello?
There are unfortunately some complications:
#1
If I run the reader as # socat INTERFACE:ens4f0 - then I do get a display of the incoming frame (it's displayed twice, for some reason). There's some binary output and then the word hello. However, I can't do this, as there will eventually be other processes using this interface, so I need to understand what's going on
#2
The incoming frame actually has a dst IP address of 192.168.50.132; the firewall is set to convert this to 192.168.50.129, which is the address the reader is listening on:
# iptables -t nat -A PREROUTING -i ens4f0 -j DNAT --to 192.168.50.129
The Wireshark output shows the incoming packet before this conversion, so shows the dst IP address as 192.168.50.132. I don't really know whether or not this is working - can I get socat to produce a hex dump of what it is actually seeing on ens4f0?
#3
This is the difficult one, but I'm hoping that it's not related. This is actually a loopback test: a single frame goes out on ens4f0, is looped back by external hardware, and is returned unmodified to ens4f0. The NIC has IP address 192.168.50.129. I have an ip neigh add command which routes accesses to 192.168.50.132 out from ens4f0 to the external hardware; the packet is returned unmodified, which is why I need the iptables command to convert the dst IP address back to the ens4f0 address.
