Edit PCAP file

0

Hello, I need to modify a pcap file. For example, I need to edit the IP address, timestamp, URL, ... fields. How can I do it? Do I have to write a new software application, or is one available in the network?

Thanks Paolino

asked 17 Feb '12, 05:25

Paolino's gravatar image

Paolino
1111
accept rate: 0%

edited 26 Feb '12, 20:37

cmaynard's gravatar image

cmaynard ♦
3.2k51656
One Answer:
oldestnewestmost voted
1

What you need are tools that are usually used for anonymization and/or packet replay of trace files. You might want to take a look at tcprewrite, bittwiste, pktanon and other tools. You can also download the Sharkfest 2011 presentation (A-11) I did at the retrospective page:

http://sharkfest.wireshark.org/sharkfest.11/index.html

link

answered 17 Feb '12, 05:31

Jasper's gravatar image

Jasper ♦
10.1k328145
accept rate: 15%

edited 17 Feb '12, 05:35

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×66
×3

Asked: 17 Feb '12, 05:25

Seen: 2,906 times

Last updated: 26 Feb '12, 20:37

Related questions

How to edit the resulting file dump?

Disable Capturing Capacity or Just to read the pcap files but no capture option

Can I specify the magic number in pcap files?

Perl Net::Pcap Can not parse wireshark saved pcap file

What are the first 40 bytes in this capture file?

pcap_next_ex vs pcap_loop

implementing autostop condition on packet capture!

Searching for Text in a Pcap from a Blog DTD XHTML 1.0

Network slowness

Purchasing wireshark,Pcap analysis

about | faq | privacy | support | contact

powered by OSQA