I'm trying to replace a specific MAC address in a pcap using tcp-rewrite and can't figure out how to do it. It looks like it replace ALL the macs when I use the -enet-dmac command (or -enet-smac). I want to substitute one specific MAC with another specific MAC. asked 12 Sep '17, 00:07  kdani |
One Answer:
If you don't have the requirement of using tcprewrite it may be easier to do that with TraceWrangler. It requires Windows or running it using WINE on Linux. answered 12 Sep '17, 01:11  Jasper ♦♦ thanks, it is possible solution - I managed to do it using another tool: http://www.lovemytool.com/blog/2011/05/bittwiste-pcap-capture-file-editor-by-joke-snelders.html (12 Sep '17, 05:09) kdani |
Arguably, questions about tcprewrite are off topic for this site although there are a number of folks around that can help or suggest alternative approaches so I'll let these slide for now.