Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container

Wireshark-bugs: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container

Date: Sun, 10 Nov 2013 21:16:07 +0000

Comment # 11 on bug 9234 from Jakub Zawadzki

(In reply to comment #10)
> In concept, I think something like this could work:
> 
> tshark -r infile.pcap -A ip.host "/10.1.1.1/10.2.2.2/" -w outfile.pcap
> 
> That would take the value in any container matching ip.host in infile.pcap,
> replace any occurrence of 10.1.1.1 with 10.2.2.2, then save the result to
> outfile.pcap. The idea would be to make it extensible to any container
> tshark can dissect, with the flexibility of sed.

I'd rather crate seperate binary so maybe - sedshark?

Anyway, can do. I hope you don't care about CRCs.

In 2011 I proposed syntax like:
editcap \
    --change="ip.src="" && ip.dst==192.168.0.2 ==> ip.src=""
ip.dst=10.0.0.2, ip.checksum=NEW" \
    --change="ip.src="" && ip.src="" ==> ip.src=""
ip.dst=10.0.0.1, ip.checksum=NEW"

Kuba.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container
Next by Date: [Wireshark-bugs] [Bug 9247] Crash in TCP reassemble when a read filter is applied yielding no results
Previous by thread: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container
Next by thread: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container
Index(es):
- Date
- Thread