How Can I Change the Data in a TCP Packet's Payload?

asked 2020-05-28 21:39:46 +0000

tzad

updated 2020-05-28 21:40:44 +0000


I have several pcap files. I'd like to edit the contents of the TCP payload in these files. For example, I would like to completely get rid of the 10 = 221 at the end of this packet.

[image]

Similarly, I would like to append this 10 = 221 to the end of the following packet's TCP payload.

Is this possible? If so, how can I do this in Wireshark?


1 Answer

answered 2020-05-29 01:52:44 +0000

Chuckc

From the old Q&A site: Edit PCAP File
The presentation @Jasper refers to from Sharkfest 2011.
Tools section of the Wireshark wiki
Careful if you try it with Scapy. There was a recent question where it looks like read/write might have issues.

If you have input on editing packets in Wireshark, there is an open bug

Chuckc ( 2020-05-29 01:56:20 +0000 )
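
Whichever tool is used, changing the length of a TCP payload also means updating the IP total length and the IP and TCP checksums. As an added example (not part of the original question or answer, and not Wireshark or Scapy code), the Python below does that for a single untagged Ethernet/IPv4/TCP frame; the frame contents, addresses, ports and helper names are constructed for illustration.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def split(frame: bytes):
    """Split an untagged Ethernet/IPv4/TCP frame into (eth, ip_hdr, tcp_hdr, payload)."""
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        raise ValueError("not an untagged Ethernet/IPv4/TCP frame")
    ihl = (frame[14] & 0x0F) * 4
    end = 14 + struct.unpack("!H", frame[16:18])[0]   # IP total length; ignores padding
    tcp = 14 + ihl
    doff = (frame[tcp + 12] >> 4) * 4
    return frame[:14], frame[14:tcp], frame[tcp:tcp + doff], frame[tcp + doff:end]

def set_tcp_payload(frame: bytes, payload: bytes) -> bytes:
    """Replace the TCP payload and recompute the fields that depend on it."""
    eth, ip, tcp, _ = split(frame)
    ip, tcp = bytearray(ip), bytearray(tcp)
    struct.pack_into("!H", ip, 2, len(ip) + len(tcp) + len(payload))  # IP total length
    struct.pack_into("!H", ip, 10, 0)
    struct.pack_into("!H", ip, 10, csum(bytes(ip)))                    # IP header checksum
    struct.pack_into("!H", tcp, 16, 0)
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    struct.pack_into("!H", tcp, 16, csum(pseudo + bytes(tcp) + payload))  # TCP checksum
    return eth + bytes(ip) + bytes(tcp) + payload

def sample_frame() -> bytes:
    """Constructed frame: 10.0.0.1:40000 -> 10.0.0.2:5001 carrying a made-up payload."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 5001, 1000, 2000, 0x50, 0x18, 8192, 0, 0)
    return set_tcp_payload(eth + ip + tcp, b"35=0\x0110=221\x01")

if __name__ == "__main__":
    frame = sample_frame()
    payload = split(frame)[3]
    trimmed = set_tcp_payload(frame, payload[:-7])   # drop the trailing b"10=221\x01"
    print(split(trimmed)[3], len(frame), "->", len(trimmed))
```

When the edited frame is written back into a pcap file, the record header's captured and original lengths also have to match the new frame size. Later segments in the same direction keep their original sequence numbers, so the stream no longer lines up unless those are adjusted as well.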
