How Can I Change the Data in a TCP Packet's Payload?

pcap
edit

asked 2020-05-28 21:39:46 +0000

trist
5 ●4 ●4 ●6

updated 2020-05-28 21:40:44 +0000

Hello,

I have several Pcap files. I'd like to edit the contents of the TCP payload on these files. For example, I would like to completely get rid of the 10 = 221 at the end of this packet.

image description

Similarly, I would like to append this 10 = 221 to the end of the following packet's TCP payload.

Is this possible? If so, how can I do this in Wireshark?

Thanks!

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2020-05-29 01:52:44 +0000

Chuckc
2858 ●5 ●567 ●19

From the old Q&A site: Edit PCAP File
The presentation @Jasper refers to from Sharkfest 2011.
Tools section of the Wireshark wiki
Careful if you try it with Scapy. There was a recent question where it looks like read/write might have issues.

edit flag offensive delete link

Comments

If you have input on editing packets in Wireshark, there is an open bug

Chuckc ( 2020-05-29 01:56:20 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-05-28 21:39:46 +0000

Seen: 1,709 times

Last updated: May 29 '20

How Can I Change the Data in a TCP Packet's Payload? edit