How can i remove packet headers with script

asked 2020-03-01 08:21:01 +0000

Elad M.
1 ●1 ●1 ●2

updated 2020-03-01 08:21:23 +0000

Hi, I wish to remove packet headers as vlan and mpls (maybe other headers in the future) on a pcap file, i have a few problems:

I need to do it with a script (Python based)(on windows env)(I have a lot of them so using gui based applications as TraceWrangler takes to much time)
I'm able to do so with editcap (it can remove vlan tags, but couldn't find any option for other headers).
With editcap i can remove other headers with the -C option, but the only way i was able to check the size and offset of a spesific header is with tshark extract to pdml file, the problem is it takes too long and i don't know why.

Thanks.

edit retag flag offensive close merge delete

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2020-03-03 19:58:37 +0000

Chuckc
2858 ●5 ●567 ●19

You asked for Python but in the past Perl was usually faster.
Here is an example using Perl to remove headers from RTP packets:
https://wiki.wireshark.org/RtpDumpScript
process_pkt would need a little code to determine the type of header to know how much to chop.