Hello! I have captured the PPPoE/PPP session packets at my DSL router and want to use the .cap file for training. Naturally I want to remove my PAP ID and password for security reasons. How can I edit a .cap file? I tried the Windows Editor, but it alters something in the file so that Wireshark refuses to open it. Any suggestions?
asked 01 Aug '13, 02:08 udo229
3 Answers:
PCAP files are binary files so you can't edit them with most text editors. Some UNIX/Linux editors like A much better solution in the UNIX/Linux (and also Cygwin) worlds is There may be native Windows binary editors but I'm not aware of them. Wireshark does have some basic/experimental packet editing features but they are not compiled in by default; to get them you would need to compile your own version of Wireshark with the feature enabled.
answered 01 Aug '13, 06:16 JeffMorriss ♦
There is also TraceWrangler, a capture sanitisation tool for pcapng files made by @Jasper. I don't know if it deals with PPP IDs and passwords though.
answered 05 Aug '13, 01:49 grahamb ♦
No, it does not handle PPP headers yet, but I admit that this question made me look at a trace to see how much work it is :-) (05 Aug '13, 02:57) Jasper ♦♦
Perfect! I found a binary editor for Windows (FrHed) and it worked out perfectly!
Thank you very much!
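
Added example, not written by any poster in this thread: the same-length byte overwrite that a binary editor does by hand, automated in Python for a classic pcap (.cap) file. It assumes Ethernet link type, untagged frames, and the PAP Authenticate-Request layout from RFC 1334; `scrub_pap` and `constructed_sample` are names made up here. Because the replacement has the same length as the original credentials, the PPPoE and PAP length fields stay valid.

```python
import struct

PPPOE_SESSION = 0x8864   # EtherType of PPPoE session frames (RFC 2516)
PPP_PAP = 0xC023         # PPP protocol number of PAP (RFC 1334)

def scrub_pap(pcap: bytes, fill: bytes = b"X") -> tuple[bytes, int]:
    """Return (sanitized capture, number of PAP requests scrubbed). fill is one byte."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    buf, pos, hits = bytearray(pcap), 24, 0          # 24 = global header size
    while pos + 16 <= len(buf):                      # 16 = per-record header size
        incl_len = struct.unpack_from(endian + "I", buf, pos + 8)[0]
        start, end = pos + 16, pos + 16 + incl_len
        pos = end
        if end > len(buf):
            break                                    # truncated final record
        if incl_len < 27:                            # too short to hold a PAP request
            continue
        ethertype = struct.unpack_from("!H", buf, start + 12)[0]
        proto, pap_code = struct.unpack_from("!HB", buf, start + 20)
        if (ethertype, proto, pap_code) != (PPPOE_SESSION, PPP_PAP, 1):
            continue                                 # only Authenticate-Request (code 1)
        id_off = start + 26                          # Peer-ID Length octet
        pw_off = id_off + 1 + buf[id_off]            # Passwd-Length octet
        if pw_off >= end or pw_off + 1 + buf[pw_off] > end:
            continue                                 # malformed or snapped packet
        for off in (id_off, pw_off):                 # overwrite values, keep lengths
            n = buf[off]
            buf[off + 1:off + 1 + n] = fill * n
        hits += 1
    return bytes(buf), hits

def constructed_sample() -> bytes:
    """Constructed one-packet capture with made-up credentials."""
    user, pw = b"user@example", b"secret"
    body = bytes([len(user)]) + user + bytes([len(pw)]) + pw
    pap = struct.pack("!BBH", 1, 1, 4 + len(body)) + body
    ppp = struct.pack("!H", PPP_PAP) + pap
    pppoe = struct.pack("!BBHH", 0x11, 0, 1, len(ppp)) + ppp
    frame = bytes(12) + struct.pack("!H", PPPOE_SESSION) + pppoe
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

For a real capture, read the file in binary mode, pass the bytes to `scrub_pap`, write the result to a new file, and confirm in Wireshark that the Peer-ID and Password fields show only the fill character.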