Ask Your Question
0

Payload of packets generated by text2pcap doesn't appear as L7 payload

asked 2020-02-19 10:19:47 +0000

q2dg gravatar image

updated 2020-02-19 10:20:15 +0000

It appears as a "TCP payload" when I open pcapng generated file in Wireshark. I want this payload to appear as another layer above TCP, instead. Is it possible? The script I've written to generate packets is this:

 #!/bin/bash
echo "O2020-02-22 15:35:08" > captura.txt
echo -n "Enviament" | hexdump -C >> captura.txt
echo "I2020-02-22 15:35:09" >> captura.txt
echo -n "Recepció" | hexdump -C >> captura.txt
text2pcap -anD -4 10.0.0.1,9.9.9.9 -T 12345,80 -t "%Y-%m-%d %H:%M:%S" captura.txt captura.pcapng

Thanks!

edit retag flag offensive close merge delete

Comments

On the other hand, I haven't found how to specify custom flags to each generated TCP packet...all of them are simply "ACK"...

q2dg gravatar imageq2dg ( 2020-02-19 10:23:32 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2020-02-19 11:28:53 +0000

grahamb gravatar image

The only additional headers that can be added by text2pcap are:

  • Ethernet II
  • IP (4 or 6)
  • UDP, TCP or SCTP

So there no support for anything "above" TCP.

edit flag offensive delete link more

Comments

Ok, thanks!

q2dg gravatar imageq2dg ( 2020-02-19 11:40:12 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-02-19 10:19:47 +0000

Seen: 535 times

Last updated: Feb 19 '20

Related questions

How to store raw hexdump as a pcap file?

How to use custom protocol with text2pcap?

[Suggestion] socat to text2pcap

How to read hexdump with tshark without create file

Text2pcap: it gives the original unedited pcap in output

Text2pcap ISDN Q931 HEX

Text2pcap LAPD for Q931 Call Flow

Confusing swap of text2pcap in/outbound addresses