On Wed, 31 Jan 2001 20:45:17 -0800
cconlon <cconlon@xxxxxxx> wrote:
>
> I apologize if this is already answered in the archives but I couldn't
> seem to find so I'll ask anyway.
>
> I receive analyzer files in various formats that I use ethereal to
> translate. Recently the requirement came up to
> change certain fields in these trace files and rewrite them. For
> example, I might want to change a Destination MAC address field for all
> packets that have a 00:00:00:00:00:00 in that position. I want to keep
> the same file and only modify that address in the records that
> have it. I want to preserve the file except for this.
>
> First Question:
>
> Is there an easy way with tethereal or editcap to do this ?
>
> Second Question:
>
> I know I can write an intermediate file in pcap format. Are there any
> pre-built routines that will let me match and substitute ?
>
None of our software (ethereal, tethereal, editcap) has the capability
of overwriting the value of fields.
--gilbert