Hi, I am working on a project for a professor to collect smb packet headers on university network. Due to security reasons uid, mid, file path, etc. needs to be one-way encrypted. I was wondering if anyone can help me figure out how i can modify these header fields in the dissected tree directly that is returned by libwireshark (edt->tree) before i can save this header to a pcap or a simple xml file with header in hex format. Thank You asked 25 Mar '11, 04:55  hetul317 |
One Answer:
You cannot change data with Wireshark. You should add a program that modifies the files after you have saved them. answered 27 Mar '11, 11:07  harper |
