Wireshark mailing list archives
Re: Saving without payload
From: Sake Blok <sake () euronet nl>
Date: Sat, 28 Nov 2009 10:16:43 +0100
On Fri, Nov 27, 2009 at 10:25:06AM -0800, Guy Harris wrote:
> On Nov 27, 2009, at 4:22 AM, WATT DAVE wrote:
>> Can Wireshark do any of this?
>
> No. You'd have to write your own application to do that.

Or make use of tools that others have written. Have a look at bittwist (http://bittwist.sourceforge.net/). In this suite, the program bittwiste is capable of editing libpcap files. One of the options is:

    -L layer
        Copy up to the specified layer and discard the remaining data.
        Value for layer must be either 2, 3 or 4 where 2 for Ethernet,
        3 for ARP or IP, and 4 for ICMP, TCP or UDP.

You can do a few other runs to change IP addresses with '-T ip' and:

    -s sip or oip,nip
        Source IP address. Example: -s 192.168.0.1
        If oip and nip are specified instead, all occurrences of oip in
        the source IP address field will be replaced with nip.

    -d dip or oip,nip
        Destination IP address. Example: -d 192.168.0.2
        If oip and nip are specified instead, all occurrences of oip in
        the destination IP address field will be replaced with nip.

However, bittwiste does not like vlan-tags, so you should make traces without 802.1q headers.

You can also have a look at tcpreplay (http://tcpreplay.synfin.net/trac/) although I (shamefully) have to admit I have not used it yet myself.

Apart from that, there has been quite an extensive discussion about packet scrubbing at Sharkfest'09. Bottom line of the discussion was that it's very difficult to do right 100% and it's even worse than no scrubbing at all if people rely on it and it's not done right. So the idea of implementing scrubbing is kind of 'parked' at the moment...

Hope this helps,
Cheers,
Sake
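
The kind of layer-4 truncation the message describes for `-L 4`, as an added example that is not part of the original post and is not bittwist code. It goes beyond the post in also skipping 802.1Q tags, and it keeps only the Ethernet header for anything it cannot parse. Assumptions: classic pcap with Ethernet link type and IPv4; the function names and the sample capture are constructed for illustration, and IP addresses are left untouched.

```python
import struct

VLAN_TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag types

def header_len(pkt):
    """Bytes to keep: Ethernet (+ VLAN tags) + IPv4 + TCP/UDP/ICMP header."""
    if len(pkt) < 14:
        return len(pkt)
    off, etype = 14, struct.unpack_from("!H", pkt, 12)[0]
    while etype in VLAN_TPIDS and len(pkt) >= off + 4:   # skip VLAN tags
        etype, off = struct.unpack_from("!H", pkt, off + 2)[0], off + 4
    if etype != 0x0800 or len(pkt) < off + 20 or (pkt[off] & 0x0F) < 5:
        return off                       # not parseable IPv4: keep layer 2 only
    l4, proto = off + (pkt[off] & 0x0F) * 4, pkt[off + 9]
    if struct.unpack_from("!H", pkt, off + 6)[0] & 0x1FFF:
        return l4                        # later fragment: no layer-4 header here
    if proto == 6 and len(pkt) >= l4 + 13:               # TCP: honour data offset
        return l4 + max((pkt[l4 + 12] >> 4) * 4, 20)
    if proto in (1, 17):                                 # ICMP / UDP: fixed 8 bytes
        return l4 + 8
    return l4                            # unknown protocol: stop after IP

def strip_payload(pcap):
    """Return a copy of a classic Ethernet pcap with each packet cut after layer 4."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out, pos = [pcap[:24]], 24
    while pos + 16 <= len(pcap):
        sec, usec, caplen, wirelen = struct.unpack_from(end + "4I", pcap, pos)
        pkt = pcap[pos + 16:pos + 16 + caplen]
        keep = pkt[:header_len(pkt)]     # original wire length is preserved
        out.append(struct.pack(end + "4I", sec, usec, len(keep), wirelen) + keep)
        pos += 16 + caplen
    return b"".join(out)

def sample_pcap():
    """Constructed input: a TCP packet and a VLAN-tagged UDP packet, both with payload."""
    def ip(proto):
        return bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, proto]) + bytes(2) + bytes([192, 168, 0, 1, 192, 168, 0, 2])
    tcp = bytes(12) + b"\x50" + bytes(7) + b"password=hunter2"
    udp = bytes(8) + b"secret-udp"
    pkts = [bytes(12) + b"\x08\x00" + ip(6) + tcp,
            bytes(12) + b"\x81\x00\x00\x64\x08\x00" + ip(17) + udp]
    rec = b"".join(struct.pack("<4I", 0, 0, len(p), len(p)) + p for p in pkts)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + rec
```

The output still carries addresses, ports, TCP options and timing, so it is truncation, not anonymisation.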