[Guy Harris <gharris@xxxxxxxxx>]

On Mon, Apr 12, 2004 at 07:23:05PM -0400, Donnie Hale wrote:
> Is there a utility in the ethereal suite which will create a hex dump file
> that will feed correctly into text2pcap?

Not really - the original idea behind text2pcap was that it would let
you turn various hex dumps of packets into files that could be read by
tools that read libpcap-format files, not that it'd be a tool for doing
those sorts of transformations.  Nobody's written a tool of the sort you
describe and contributed it to us.

> Also, if I modify the payload
> portion of such packets, it appears that text2pcap doesn't correct the TCP
> checksum. Can I force it to do that?

No, it has no option to do that.

> Here's what I'm trying to do. Given an existing capture file, let's say in
> pcap format, I want to massage its contents some and create a new, valid
> capture file.

You might consider writing a program that uses libpcap to read packets
from a capture file, massage them, and write packets to a new capture
file; you could do it in C, using libpcap directly, or, for example,
write it in Perl using Net::Pcap.