I have a saved pcap file that needs to be edited to remove address. Then save the file back as pcap so the Wireshark features can be used. I’m exporting the file. Export -> Export Packet Dissection -> as Plain Text file. Make the changes. Now I need to import the file and save as pcap. Is this possible? Any help is worth a beer or two! asked 28 Feb '13, 18:45  VoIP This edited 16 Mar '13, 10:53  Guy Harris ♦♦ |
3 Answers:
If ultimate purpose is just editing the pcap file, I would suggest using a pcap editing tool like bittwist, libcrafter,editcap,tcprewrite,netdude or powereditpcap. It would be way easier to use these tools than exporting as txt, editing it and exporting back as pcap. answered 28 Feb '13, 23:04  SidR |
Some resources on anonymizing network traces:
answered 16 Mar '13, 11:11 Guy Harris ♦♦ |
Another library you can use it PcapPlusPlus (github repo). It has all sorts of parsing and editing capabilities, among them is editing IP addresses answered 13 Apr '16, 14:17  seladb |
Thanks SidR. I'll have to read up on the above tools in order to edit out the public addresses and replace them with pseudo addresses. Once again thanks SidR.
editcap won't work for this purpose - it doesn't understand packet payloads - but at least some of the other tools should be able to do that.