# How to edit radius protocol packet in Wireshark?

Hey all,

I have a snoop pcap file and I need to modify some RADIUS packets. What I need to change is the IP source, IP destination, name and the password. Is there a way to do this with Wireshark tools? Or is this impossible for the RADIUS protocol, or do I need another tool to create my new pcap file?

internet protocol version 4, src....., dst .... header: source: destination


Wireshark doesn't provide any packet editing capabilities.

(Older versions of the Legacy (Gtk) Wireshark (such as 2.2.x) included a basic packet editor feature that you could enable at the bottom of the Edit -> Preferences page, which will allow you to edit packets by right-clicking on the packet details pane and choosing Edit packet, but that feature has since been removed.)

If you're on the Windows platform, then your best bet might be to try tools like TraceWrangler or WireEdit. If you're on another platform, then have a look at the Capture file anonymization section of the Wireshark wiki Tools page for a list of some other tools that could possibly help you.


Thank you. I've already tried Wireshark 1.12.8 with the experimental edit feature, but it doesn't work for the IP and password, and also WireEdit, but it doesn't work for RADIUS packets... Is there a method to create a new pcap file with 5 to 10 packets where I can insert the values I want?

Thank you!

( 2018-10-31 14:19:57 +0000 )

Have you tried TraceWrangler?

If none of those tools work for you, I suppose you could always use the old-school hex-editor method of modifying packets as needed, but this is usually tedious, error-prone and difficult to do properly. If you're not careful, you'll end up with malformed packets, so you really have to understand the pcap or pcapng file formats well before you attempt something like that. I would highly recommend working with pcap files instead of pcapng files, as they are much simpler. And even then, you'll probably end up with checksum errors, which can be fixed (or ignored if you wish) later through multiple iterations. Did I mention this can be tedious?

Rather than using a binary hex-editor though, it might be easier to convert a pcap file using tshark (e.g., tshark -r file.pcap -x > file.txt and then use a normal ...

( 2018-10-31 15:15:23 +0000 )

Ok thanks that's so nice from you, I will test with the tshark plus text2pcap approach first, if this does not work I will try the other two methods you mentioned (tcpwrangler, hex editor) since I have some doubts concerning checksum issues but it might be that checksum could be deactivated (e.g. "validation disabled" under wireshark view ?) to avoid network rejects (?).

( 2018-10-31 16:05:21 +0000 )

Yes, you can certainly disable checksum validation or simply disregard the checksum errors if you don't feel like fixing them.

( 2018-10-31 16:22:04 +0000 )

I would also go with TraceWrangler for IP header etc. For editing Radius fields I would use Scapy. => Read pcap file, edit fields in packet X, write a new pcap file.

( 2018-11-01 07:10:58 +0000 )
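An added example, not part of the original thread: the fix-ups that any edit of the fields asked about has to perform, shown in standard-library Python. The User-Password attribute is hidden with MD5 over the shared secret and the Request Authenticator (RFC 2865, section 5.2), so a new password has to be re-hidden with the secret rather than typed over in a hex editor, and changing addresses or lengths means recomputing the IPv4 and UDP checksums. Assumptions: the function names and sample packet are constructed for illustration, the input is an Access-Request with the link-layer header stripped, and it carries no Message-Authenticator attribute (which would also need recomputing).

```python
import hashlib, struct

def hide_password(pw: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    pw = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), used by the IPv4 header and by UDP."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite(pkt: bytes, src: bytes, dst: bytes, user: bytes, pw: bytes, secret: bytes) -> bytes:
    """pkt is IPv4 + UDP + RADIUS Access-Request bytes, link-layer header already stripped."""
    ihl = (pkt[0] & 0x0F) * 4
    rad = pkt[ihl + 8:]
    end, auth, attrs, i = struct.unpack("!H", rad[2:4])[0], rad[4:20], b"", 20
    while i < end:
        t, length = rad[i], rad[i + 1]
        if length < 2:
            raise ValueError("malformed RADIUS attribute")
        value = rad[i + 2:i + length]
        if t == 1:                      # User-Name
            value = user
        elif t == 2:                    # User-Password, re-hidden with the shared secret
            value = hide_password(pw, secret, auth)
        attrs += bytes([t, len(value) + 2]) + value
        i += length
    rad = rad[:2] + struct.pack("!H", 20 + len(attrs)) + auth + attrs
    udp = pkt[ihl:ihl + 4] + struct.pack("!HH", 8 + len(rad), 0) + rad
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + udp[8:]
    ip = bytearray(pkt[:ihl])
    ip[2:4], ip[10:12] = struct.pack("!H", ihl + len(udp)), b"\x00\x00"
    ip[12:16], ip[16:20] = src, dst
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    return bytes(ip) + udp

# Constructed sample, not from the thread: 10.0.0.1 -> 10.0.0.2, user "bob", checksums zero.
RAD = bytes([1, 7, 0, 43]) + bytes(16) + b"\x01\x05bob" + b"\x02\x12" + bytes(16)
SAMPLE = bytes.fromhex("4500004700000000401100000a0000010a0000029c40071400330000") + RAD
```

The returned bytes can be hex-dumped and fed to text2pcap, the route discussed earlier in the thread, to produce a capture whose checksums validate.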

## Stats

Last updated: Oct 31 '18