Ethereal-users: [Ethereal-users] Newbie question about creating input to text2pcap

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Donnie Hale" <donnie@xxxxxxxxxxxxxx>
Date: Mon, 12 Apr 2004 19:23:05 -0400

I've searched the mail archives and Google for this question, which I'm sure
has been answered; but I've had no luck.

Is there a utility in the ethereal suite which will create a hex dump file
that will feed correctly into text2pcap? Also, if I modify the payload
portion of such packets, it appears that text2pcap doesn't correct the TCP
checksum. Can I force it to do that?

Here's what I'm trying to do. Given an existing capture file, let's say in
pcap format, I want to massage its contents some and create a new, valid
capture file. It looked like text2pcap may be the answer, as I could take
hex dumps of the original file, make my desired changes, and then run
text2pcap to get the new file. That of course begs the question of how I
take an existing capture file and create a text file that text2pcap will
read and process.

I tried "tethereal -n -x -r <original-file.cap>". However, tethereal insists
on printing those summary lines before each of the packet content dumps.
Text2pcap doesn't like that. If I manually remove those lines, text2pcap
seems to process those lines just fine.


Many thanks,

Donnie
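The workflow asked about above, as an added example that is not part of the original post or of the Ethereal tools: it drops the summary lines from a `tethereal -n -x -r` style dump, recomputes the TCP checksum after a payload edit, and re-emits offset-plus-hex-bytes lines for text2pcap. The sample dump, the function names, and the restriction to untagged Ethernet II + IPv4 + TCP frames with same-length payload edits (Python 3.8+) are assumptions of this example.

```python
import re
import struct

# Constructed stand-in for `tethereal -n -x -r` output; TCP checksum (de ad) is stale.
SAMPLE = """\
  1   0.000000     10.0.0.1 -> 10.0.0.2     TCP 1234 > 80 [PSH, ACK] Seq=1 Len=4
0000  00 0c 29 01 02 03 00 50 56 0a 0b 0c 08 00 45 00   ..)....PV.....E.
0010  00 2c 00 01 00 00 40 06 66 c9 0a 00 00 01 0a 00   .,....@.f.......
0020  00 02 04 d2 00 50 00 00 00 01 00 00 00 00 50 18   .....P........P.
0030  20 00 de ad 00 00 41 42 43 44                      .....ABCD
"""
HEX_LINE = re.compile(r"^([0-9a-fA-F]{4,})\s+((?:[0-9a-fA-F]{2}(?:\s|$)){1,16})")

def parse_packets(text):
    """Keep offset-prefixed hex lines only; offset 0 starts a new packet."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:  # anything else is a summary line, blank line or other text
            if int(m.group(1), 16) == 0 or not packets:
                packets.append(bytearray())
            packets[-1] += bytes.fromhex(m.group(2))  # ASCII column is not captured
    return packets

def csum(data):  # RFC 1071 Internet checksum, zero-padded to an even length
    data = bytes(data) + b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def fix_tcp_checksum(frame):
    """Assumes untagged Ethernet II + IPv4 + TCP and a same-length payload edit."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return frame  # not IPv4/TCP: leave untouched
    tcp = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length from the IHL field
    seg = bytearray(frame[tcp:14 + struct.unpack("!H", frame[16:18])[0]])
    seg[16:18] = b"\x00\x00"  # checksum field counts as zero while summing
    pseudo = frame[26:34] + struct.pack("!BBH", 0, 6, len(seg))  # src, dst, proto, len
    frame[tcp + 16:tcp + 18] = struct.pack("!H", csum(pseudo + seg))
    return frame

def to_text2pcap(packets):
    """Emit offset + hex bytes, 16 per line, with a blank line between packets."""
    return "\n".join(
        "\n".join("%04x  %s" % (o, p[o:o + 16].hex(" ")) for o in range(0, len(p), 16)) + "\n"
        for p in packets)

if __name__ == "__main__":
    print(to_text2pcap([fix_tcp_checksum(p) for p in parse_packets(SAMPLE)]))
```

An edit that changes the payload length would also need the IPv4 total-length field and IPv4 header checksum updated, which this example does not do.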