Hi there, I'm looking to record some videos from the Wireshark interface and for that purpose I would like to simulate a scenario where I'm live capturing the data while recording the screen. For practical reasons, however, it would be ideal if I could "play" a pcap file so that it appears as if the data is coming in message-by-message (as in live capture) at the original speed of the incoming transmissions. Is this possible in Wireshark or via some plugin? Thank you, Martin asked 10 May '17, 14:23  mfcss |
2 Answers:
I think there are tools that can take a capture file and replay it, using the packet time stamps to determine when to send the packets, so that, for example, if two packets in the file have time stamps 1 second apart, the packets will be sent 1 second apart. That may not be what you want, however, as it causes actual network traffic to occur. In theory, a program could be written that reads a capture file and writes the records from the capture file to the standard output, with the delays between packet records being determined by the packet time stamps; you could then start Wireshark up, capturing from a pipe, and have the program write to the pipe. That would look a little different, when starting up, from a live capture, but it'd look very similar to a live capture as the packets come in. I don't know of such a tool, however. answered 10 May '17, 21:39  Guy Harris ♦♦ |
Maybe you can use 'tcpreplay'? answered 13 May '17, 10:39  r00t070 |
