Wireshark mailing list archives

Re: command line tools

From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Fri, 30 Oct 2015 15:39:37 +0100

Sounds pretty similar to tcprewrite, isn't it?

http://tcpreplay.synfin.net/wiki/tcprewrite

On Fri, Oct 30, 2015 at 1:14 AM, Bret Jordan <jordan2175 () gmail com> wrote:

Dev list,

I wrote a command line tool that you might want to include in the
Wireshark bundle of command line tools.

rewritecap is a tool for rebasing a PCAP file, editing layer2 and layer3
addresses, and updating ARP packets. PCAP-ng files are not currently
supported. This tool will accommodate 802.1Q tagged frames and
Q-in-Q double tagged frames.

The timestamp changes allow you to rebase the PCAP file to a new date
without changing the actual time of day or the inter-frame gaps. You can
also timeshift all of the packets by a value in +/-00h00m00s format.
Multiple timeshifts can be specified at the same time by separating
them with a comma, thus --time-shift=2h,-3m

./rewritecap --help
./rewritecap -f test.pcap -n test2.pacp -y 2016 -m 3 -d 10
./rewritecap -f test.pcap -n test2.pcap --ip4 10.0.2.32 --ip4-new 2.2.2.2
--mac 68:A8:6D:18:36:92 --mac-new 22:33:44:55:66:77
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h1m3s
./rewritecap -f test.pcap -n test2.pcap --time-shift=2h,-1m

rebasecap is Apache 2.0 licensed and will compile to a static binary for
Linux and Mac OS X.  It should also compile to a static binary for Windows
but have not tested that.

It is written in Go 1.5.  Code, install, and compile instructions can be
found here:

https://github.com/jordan2175/rewritecap



Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that
can not be unscrambled is an egg."












___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

command line tools Bret Jordan (Oct 30)
- Re: command line tools Dario Lombardo (Oct 30)
- Re: command line tools Guy Harris (Oct 30)