I want to generate a cap file with bad CRC packets using wireshark. I recorded the traffic I want but: 1. I don't see the CRC in the wireshark GUI and couldn't find where to enable this view 2. I cant find a way to "corrupt" the CRC of all packets in the cap file thank you in advance! asked 01 May '13, 00:50 ihovav edited 01 May '13, 00:51 |
One Answer:
Assuming you mean the CRC of the ethernet frame, then you're out of luck with a normal NIC. Most NIC (drivers) strip it before passing the packet to the system. That means wireshark (actually libpcap/WinPcap which does the capturing for wireshark) does not get to see the CRC. There are capture cards that do not strip the CRC, but I have not used them myself so I can't advice you on that. answered 01 May '13, 01:49 SYN-bit ♦♦ thank you very much! (01 May '13, 01:51) ihovav Network General S6040 devices do capture the FCS. I have tons of traces like that, some of which I took in a lab setup so I could offer to put excerpts of them up at Cloudshark. I haven't checked if any of them has a bad CRC, but I doubt it - it's not even the capture device that is the problem, but the switch will not forward it to the device if the checksum isn't correct (unless it's in cut through mode, which the switches in the lab weren't). (01 May '13, 09:04) Jasper ♦♦ |
In which protocol is the bad CRC? Wireshark can't (currently) edit packets, you'll need to use another tool to do that, see the tools page on the wiki.