Wireshark mailing list archives
Re: command line tools
From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Fri, 30 Oct 2015 15:39:37 +0100
Sounds pretty similar to tcprewrite, isn't it?

http://tcpreplay.synfin.net/wiki/tcprewrite

On Fri, Oct 30, 2015 at 1:14 AM, Bret Jordan <jordan2175 () gmail com> wrote:

> Dev list,
>
> I wrote a command line tool that you might want to include in the Wireshark bundle of command line tools.
>
> rewritecap is a tool for rebasing a PCAP file, editing layer2 and layer3 addresses, and updating ARP packets. PCAP-ng files are not currently supported. This tool will accommodate 802.1Q tagged frames and Q-in-Q double tagged frames. The timestamp changes allow you to rebase the PCAP file to a new date without changing the actual time of day or the inter-frame gaps. You can also timeshift all of the packets by a value in +/-00h00m00s format. Multiple timeshifts can be specified at the same time by separating them with a comma, thus --time-shift=2h,-3m
>
>     ./rewritecap --help
>     ./rewritecap -f test.pcap -n test2.pacp -y 2016 -m 3 -d 10
>     ./rewritecap -f test.pcap -n test2.pcap --ip4 10.0.2.32 --ip4-new 2.2.2.2 --mac 68:A8:6D:18:36:92 --mac-new 22:33:44:55:66:77
>     ./rewritecap -f test.pcap -n test2.pcap --time-shift=2h1m3s
>     ./rewritecap -f test.pcap -n test2.pcap --time-shift=2h,-1m
>
> rebasecap is Apache 2.0 licensed and will compile to a static binary for Linux and Mac OS X. It should also compile to a static binary for Windows but have not tested that. It is written in Go 1.5.
>
> Code, install, and compile instructions can be found here:
> https://github.com/jordan2175/rewritecap
>
> Thanks,
> Bret
>
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
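The date rebase described in the quoted announcement, as an added Go example that is not code from rewritecap or from this thread: one whole-day offset is added to every record so time of day and inter-frame gaps survive. It assumes a little-endian, microsecond-resolution classic pcap, UTC dates, and an offset derived from the first record; `rebasePcap` and `samplePcap` are hypothetical names and the sample capture is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"time"
)

var le = binary.LittleEndian

// rebasePcap moves a capture to a new UTC calendar date by adding one whole-day
// offset (taken from the first record) to every ts_sec; gaps are preserved.
func rebasePcap(buf []byte, y int, m time.Month, d int) ([]byte, error) {
	if len(buf) < 24 || le.Uint32(buf) != 0xa1b2c3d4 {
		return nil, fmt.Errorf("not a little-endian classic pcap (pcapng is unsupported)")
	}
	out := append([]byte(nil), buf...) // work on a copy, leave the original capture intact
	var delta int64                    // seconds, always a multiple of 86400
	for off := 24; off < len(out); {
		if len(out)-off < 16 {
			return nil, fmt.Errorf("truncated record header at offset %d", off)
		}
		sec, incl := int64(le.Uint32(out[off:])), int64(le.Uint32(out[off+8:]))
		if off == 24 { // the first record fixes the offset for the whole file
			f := time.Unix(sec, 0).UTC()
			oldDay := time.Date(f.Year(), f.Month(), f.Day(), 0, 0, 0, 0, time.UTC)
			delta = time.Date(y, m, d, 0, 0, 0, 0, time.UTC).Unix() - oldDay.Unix()
		}
		if sec+delta < 0 || sec+delta > 0xffffffff || incl > int64(len(out)-off-16) {
			return nil, fmt.Errorf("timestamp overflow or truncated packet at offset %d", off)
		}
		le.PutUint32(out[off:], uint32(sec+delta)) // ts_usec stays as captured
		off += 16 + int(incl)
	}
	return out, nil
}

// samplePcap builds a constructed capture with one 1-byte packet per timestamp.
func samplePcap(secs ...uint32) []byte {
	b := []byte{0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 1, 0, 0, 0}
	for _, s := range secs { // ts_sec, ts_usec=500, incl_len=1, orig_len=1, data
		b = append(b, byte(s), byte(s>>8), byte(s>>16), byte(s>>24), 0xf4, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0xaa)
	}
	return b
}

func main() {
	out, err := rebasePcap(samplePcap(1446215977, 1446215980), 2016, time.March, 10)
	fmt.Println(len(out), err)
}
```

Because the offset is a whole number of days, a capture that crosses midnight still ends on the following day after the rebase.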
Current thread:
- command line tools Bret Jordan (Oct 30)
- Re: command line tools Dario Lombardo (Oct 30)
- Re: command line tools Guy Harris (Oct 30)