Wireshark · Wireshark-users: [Wireshark-users] How to edit a specific byte in a pcap file ?

Wireshark-users: [Wireshark-users] How to edit a specific byte in a pcap file ?

From: Shashank Agarwal <agarwal_shashank@xxxxxxxxx>

Date: Thu, 25 Feb 2010 13:38:05 -0800 (PST)

Hi,

How can I modify a specific byte using WireShark or any of its tools. I tried bit-twiste, tcprewrite, tcpreplay-edit, but to no avail. These tools provide predefined and limited editing capability like editing the IP address or TCP port or changing timestamp etc.

E.g. I have the hex bytes from an ethernet broadcast packet -

ff ff ff ff ff ff 00 0b 20 40 15 6d 19 02 40 ......

First six bytes is dest. address, next 6 bytes is source address, "19 02" is packet type and the 15th byte (0x40) contains a flag. I want to turn on the second bit in this 15th byte. Essentially replacing 0x40 with 0x42.

Which tool can help me with this modification in the pcap file?

Thanks

Follow-Ups:
- Re: [Wireshark-users] How to edit a specific byte in a pcap file ?
  - From: Jaap Keuter

Prev by Date: [Wireshark-users] Filter retransmitted packets
Next by Date: [Wireshark-users] newbie question
Previous by thread: Re: [Wireshark-users] Filter retransmitted packets
Next by thread: Re: [Wireshark-users] How to edit a specific byte in a pcap file ?
Index(es):
- Date
- Thread