Im wanting to edit sent packets so say if the default is "11 22 33 44 55 66" i want it to send "11 22 33 33 55 66". Can this be done in wireshark? Also i cant attach anything to the actual process but i know the port it connects through so can i sniff just that port? Or maybe if i can just sniff every single packet sent/received that would work too. asked 11 Jul '11, 09:11  iamabot |
2 Answers:
Q&A sites work best if you ask one question at a time, so each question has its own separate set of answers, and people looking for the answers to particular questions can more easily find them. I'll answer the first question here. The answer is "no" - Wireshark currently neither supports editing packets nor re-transmitting the edited packets. The Tools page of the Wireshark wiki has links to a number of traffic generator tools under "Traffic generators", for example Bit-Twist and Scapy. answered 11 Jul '11, 19:37  Guy Harris ♦♦ |
As for the second question (which is unrelated to the first, so, again, it should have been asked separately): If by "the port it connects through" you mean a TCP or UDP port, and by "apply filters like WPE pro" and "can I sniff just that port" you mean you only want to capture traffic going to or coming from that port, you can use a capture filter such as "udp port XXX" or "tcp port XXX" (or "port XXX", which will capture traffic to or from that TCP port or that UDP port). (Note that if you have VLANs on the network on which you're capturing, and the traffic is going over the VLAN, you might have to capture on the "VLAN interface" for that network rather than on the raw interface, or capture with a filter such as "udp port XXX or (vlan and udp port XXX)". Don't worry about that unless you don't see the traffic.) answered 11 Jul '11, 19:41 Guy Harris ♦♦ |
