How to edit radius protocol packet in Wireshark?

asked 2018-10-31 11:23:07 +0000

cilzzz
1 ●1 ●1 ●1

updated 2018-10-31 16:47:59 +0000

Jaap

13730 ●684 ●115

hey all

i have snoop pcap file and i need to modify some radius packets. what i need to change is ip source, ip destination, name and the password is there a way to do this with wireshark tools?or this is impossible for radius protocol or do i need another tool to create my new pcap file.

internet protocol version 4, src....., dst .... header: source: destination

radius protocol AVP (attribute values pair user-name: chap-password

thanks in advance

edit retag flag offensive close merge delete

add a comment

answered 2018-10-31 14:03:02 +0000

cmaynard

11115 ●11 ●317 ●165 https://www.igt.com/

Wireshark doesn't provide any packet editing capabilities.

(Older versions of the Legacy (Gtk) Wireshark (such as 2.2.x) included a basic packet editor feature that you could enable at the bottom of the Edit -> Preferences page, which will allow you to edit packets by right-clicking on the packet details pane and choosing Edit packet, but that feature has since been removed.)

If you're on the Windows platform, then your best bet might be to try tools like TraceWrangler or WireEdit. If you're on another platform, then have a look at the Capture file anonymization section of the Wireshark wiki Tools page for a list of some other tools that could possibly help you.

edit flag offensive delete link

Comments

thank you i've already tried wireshark 1.12.8 with the edit experimental feature but it doesn't work for the ip and password and also wireEdit but it doesn't works for radius packets...is there a method to create a new pcap file with 5 to 10 packets where i can insertthe values i want.

thank you!

cilzzz ( 2018-10-31 14:19:57 +0000 )edit

Have you tried TraceWrangler?

If none of those tools work for you, I suppose you could always use the old-school hex-editor method of modifying packets as needed, but this is usually tedious, error-prone and difficult to do properly. If you're not careful, you'll end up with malformed packets, so you really have to understand the pcap or pcapng file formats well before you attempt something like that. I would highly recommend working with pcap files instead of pcapng files, as they are much simpler. And even then, you'll probably end up with checksum errors, which can be fixed (or ignored if you wish) later through multiple iterations. Did I mention this can be tedious?

Rather than using a binary hex-editor though, it might be easier to convert a pcap file using tshark (e.g., tshark -r file.pcap -x > file.txt and then use a normal ...(more)

cmaynard ( 2018-10-31 15:15:23 +0000 )edit

Ok thanks that's so nice from you, I will test with the tshark plus text2pcap approach first, if this does not work I will try the other two methods you merntioned (tcpwrangler, hex editor) since I have some doubts concerning checksum issues but it might be that checksum could be deactivated (e.g. "validation disabled" under wireshark view ?) to avoid network rejects (?).

cilzzz ( 2018-10-31 16:05:21 +0000 )edit

Yes, you can certainly disable checksum validation or simply disregard the checksum errors if you don't feel like fixing them.

cmaynard ( 2018-10-31 16:22:04 +0000 )edit

I would also go with TraceWrangler for IP header etc. For editing Radius fields I would use Scapy. => Read pcap file, edit fields in packet X, write a new pcap file.

Uli ( 2018-11-01 07:10:58 +0000 )edit

add a comment

How to edit radius protocol packet in Wireshark?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to edit radius protocol packet in Wireshark? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to edit radius protocol packet in Wireshark?