Wireshark mailing list archives

Re: Processing packet before exporting it.


From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Wed, 22 Nov 2017 18:15:06 +0100

Exactly. The only help it provided was basically to give you the single
packet bytes. Fewer bytes to stare at than the giant 100M pcap file :).
The other help was that once changed, the capture file could be saved
again, with changes included (AFAICR).

On Wed, Nov 22, 2017 at 6:02 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:



On 22 Nov 2017 17:36, "Dario Lombardo" <dario.lombardo.ml () gmail com>
wrote:

On Wed, Nov 22, 2017 at 5:21 PM, Manik Khandelwal <
manik123khandelwal () gmail com> wrote:

I want to edit the bytes with full knowledge of structure.


There was such a feature in the Wireshark GTK GUI. It has not been ported to
Qt yet and there are no plans at the moment for that. Maybe you could try
to compile it or use some bin package that provides the old GUI and play a
little bit with it. For the sake of completeness: it's just a bit more than
a hex editor, by the way. But it points to the actual packet bytes, which
does some of the job you should do yourself with a hex editor.
Hope it helps.


There was indeed an experimental packet editor, but it was very limited
(basically as far as I can remember it could edit values like what you
could do with a hex editor, but was not a generic encoder for any given
protocol).

Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
