Wireshark mailing list archives
Re: How to edit a specific byte in a pcap file ?
From: Abhijit Bare <abhibare () gmail com>
Date: Sat, 27 Feb 2010 09:14:46 -0700
One other technique I used - I save the raw file in "K12 text file" format using wireshark. I can then open text file in an editor and make all the changes. When going back to raw format, there is no "pcap" option to directly save. Not sure why not. In current wireshark, I saw "pcapng" (experimental) format. Save as pcapng and then save as pcap. Also remember that generally the checksums go bad after editing bytes. - Abhijit On Fri, Feb 26, 2010 at 12:00 PM, j.snelders <j.snelders () telfort nl> wrote:
Hi Shashank, You can use HxD; a freeware hex and disk editor. You can download it here: http://mh-nexus.de/en/hxd/ Best regards Joan On Fri, 26 Feb 2010 19:24:09 +0100 Jaap Keuter wrote:Hi, Sounds you could use a true hex editor. You'll have to target the byte by hand, but you seem to know what you're looking for. Thanks, Jaap Shashank Agarwal wrote:Hi, How can I modify a specific byte using WireShark or any of its tools.Itried bit-twiste, tcprewrite, tcpreplay-edit, but to no avail. These tools provide predefined and limited editing capability like editing theIP address or TCP port or changing timestamp etc. E.g. I have the hex bytes from an ethernet broadcast packet - ff ff ff ff ff ff 00 0b 20 40 15 6d 19 02 40 ...... First six bytes is dest. address, next 6 bytes is source address, "1902" is packet type and the 15th byte (0x40) contains a flag. I want toturn on the second bit in this 15th byte. Essentially replacing 0x40 with 0x42. Which tool can help me with this modification in the pcap file? Thanks___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to edit a specific byte in a pcap file ? Shashank Agarwal (Feb 26)
- Re: How to edit a specific byte in a pcap file ? Jaap Keuter (Feb 26)
- Re: How to edit a specific byte in a pcap file ? j.snelders (Feb 26)
- Re: How to edit a specific byte in a pcap file ? Abhijit Bare (Feb 27)
- Re: How to edit a specific byte in a pcap file ? j.snelders (Feb 28)
- Re: How to edit a specific byte in a pcap file ? j.snelders (Feb 28)
- Re: How to edit a specific byte in a pcap file ? j.snelders (Feb 26)
- Re: How to edit a specific byte in a pcap file ? Jaap Keuter (Feb 26)