First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How Can I Change the Data in a TCP Packet's Payload?

Hello,

I have several Pcap files. I'd like to edit the contents of the TCP payload on these files. For example, I would like to completely get rid of the 10 = 221 at the end of this packet.

image description

Similarly, I would like to append this 10 = 221 to the end of the following packet's TCP payload.

Is this possible? If so, how can I do this in Wireshark?

Thanks!

trist's avatar
5
trist
asked 2020-05-28 21:39:46 +0000, updated 2020-05-28 21:40:44 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

From the old Q&A site: Edit PCAP File
The presentation @Jasper refers to from Sharkfest 2011.
Tools section of the Wireshark wiki
Careful if you try it with Scapy. There was a recent question where it looks like read/write might have issues.

Chuckc's avatar
3k
Chuckc
answered 2020-05-29 01:52:44 +0000
edit flag offensive 0 remove flag delete link
more

Comments

If you have input on editing packets in Wireshark, there is an open bug

Chuckc's avatar Chuckc (2020-05-29 01:56:20 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer