Hi, I have a captured pcap file with a single packet and I would like to edit it and change some value in the user data field (CFLOW). Is there any way I can do it with wireshark assuming it will also update the checksum value of the packet? The edited packet would be sent to the network using tcpreplay.. This question is marked "community wiki". asked 15 Feb '11, 00:47 questions edited 15 Feb '11, 00:48 |
One Answer:
Wireshark won't allow you to edit your pcap file, but can help you get things in order again. Open the pcap file in Wireshark and a Hex editor. Use Wireshark to look up the offset of the field you want to change and make that change with the Hex editor, than save it. Now reload the file in Wireshark. That now shows you a wrong checksum, but also the value it should be(!). Use that value to update the checksum field in the hex editor. Rinse, repeat. answered 15 Feb '11, 11:48 Jaap ♦ |