Wireshark-bugs: [Wireshark-bugs] [Bug 9234] Modify value in a protocol container

Date: Mon, 11 Nov 2013 22:37:17 +0000

Comment # 15 on bug 9234 from
(In reply to comment #14)
> Is it possible to apply the same concept to any protocol container, rather
> than just IP address? 

Sure.

Still, if it's compressed/base64-encoded or needs defragmentation then this is
non-trivial.

Generally it'd be quite easy to support the fields supported by the Packet editor
GTK+ version: numbers / strings (of the same size) / other addresses.

Fixing IP, TCP, other CRCs is somewhat more complicated but doable in 1-2 days;
editing compressed payloads or fragmentation might take a few days.

> Wireshark can dissect down to the application and could conceivably perform
> an edit operation at those layers, where that is really the biggest obstacle
> for other packet editor applications out there.

Take a look at scapy; I think it's possible to decode a packet, later change
fields + dump to file.

Everything is in Python, and it's much easier to add a new protocol[1] than in
Wireshark. Cool o/

[1] http://www.secdev.org/projects/scapy/doc/build_dissect.html


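The kind of edit discussed in this comment (changing a same-size field such as an IP address, then fixing the IP and TCP checksums) can be sketched in plain Python. This is an added example, not part of the original message and not Wireshark or scapy code; the function names and the constructed sample frame are assumptions for illustration, and it handles only unfragmented Ethernet/IPv4/TCP frames.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_pseudo_header(buf, ip: int, seg_len: int) -> bytes:
    """Source + destination address, zero byte, protocol 6, TCP length."""
    return bytes(buf[ip + 12:ip + 20]) + struct.pack("!BBH", 0, 6, seg_len)

def rewrite_src_ip(frame: bytes, new_src: str) -> bytes:
    """Set a new IPv4 source address in an Ethernet/IPv4/TCP frame and fix both checksums."""
    buf, ip = bytearray(frame), 14  # IPv4 header follows the 14-byte Ethernet header
    if buf[12:14] != b"\x08\x00" or buf[ip] >> 4 != 4 or buf[ip + 9] != 6:
        raise ValueError("only Ethernet/IPv4/TCP frames are handled")
    if struct.unpack_from("!H", buf, ip + 6)[0] & 0x3FFF:  # MF flag or fragment offset
        raise ValueError("fragmented packet: reassemble before editing")
    tcp = ip + (buf[ip] & 0x0F) * 4  # IHL gives the start of the TCP header
    seg_len = struct.unpack_from("!H", buf, ip + 2)[0] - (tcp - ip)
    buf[ip + 12:ip + 16] = socket.inet_aton(new_src)  # same-size field: edit in place
    struct.pack_into("!H", buf, ip + 10, 0)   # zero both checksum fields before summing
    struct.pack_into("!H", buf, tcp + 16, 0)
    struct.pack_into("!H", buf, ip + 10, inet_checksum(bytes(buf[ip:tcp])))
    segment = bytes(buf[tcp:tcp + seg_len])
    struct.pack_into("!H", buf, tcp + 16,
                     inet_checksum(tcp_pseudo_header(buf, ip, seg_len) + segment))
    return bytes(buf)

def checksums_valid(frame: bytes) -> bool:
    """Summing a region that includes a correct checksum yields 0."""
    ip = 14
    tcp = ip + (frame[ip] & 0x0F) * 4
    seg_len = struct.unpack_from("!H", frame, ip + 2)[0] - (tcp - ip)
    segment = frame[tcp:tcp + seg_len]
    return (inet_checksum(frame[ip:tcp]) == 0
            and inet_checksum(tcp_pseudo_header(frame, ip, seg_len) + segment) == 0)

def sample_frame() -> bytes:
    """Constructed frame (documentation addresses), checksum fields left at 0."""
    eth = bytes(12) + b"\x08\x00"
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 45, 1, 0x4000, 64, 6, 0,
                      socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
    tcph = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + iph + tcph + b"hello"
```

The TCP checksum has to be redone as well because its pseudo-header covers the source and destination addresses, so an address edit that only fixes the IP header checksum still produces a segment the receiver would reject.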