Text2pcap: it gives the original unedited pcap in output
Hello!
I am doing the following:
- I select the stream to follow in Wireshark, I go to File -> Export packet Dissections -> As Plain Text.
- Then, I select
Bytesonly inPacket formatand save it in a text file. - I then edit the text file to update the hex and corresponding text (4 Bytes) and save it.
- I then run
text2pcap mytexttfile.txt output.pcapand for some reasonoutput.pcapstill has the original unedited content.
I checked the text file multiple times to make sure the edits were made and did the entire process multiple times to be sure that I was writing to the correct file.
What am I doing incorrectly? Thank You!
If it helps, I'm using Text2pcap (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2).
I just tested with
3.6.2 (v3.6.2-0-g626020d9b3c3)on Windows. Did the export, modification, text2pcap, verify output pcap - all good.The only time it didn't work is when I modified the text at the end of the line instead of the appropriate hex digits.
If, instead, you make a copy of the file, edit that file to update the hex and corresponding text, save it, and then use
diffon UN*X orfcon Windows (ordiffif you have some UN*Xy environment such as Cygwin or WSL) to compare the original and the copy, what is the output of the comparison?What if you run
text2pcap copy-of-mytextfile.txt modified-output.pcap, wherecopy-of-mytextfile.txtis the modified version of the copy of the file, and check whethermodified-output.pcapstill has the original unedited content?