Note that wireshark is probably as better place to ask questions.
You can not do that. Wireshark doesnt support it.
A whole bunch of the fields that wireshark presents in the dissection
are purely generated/synthetic and dont actually exist in the packets
themself.
I.e. smb.time and friends
On 6/28/06, Rohit Mediratta <rohit_medi@xxxxxxxxx> wrote:
Hi,
I am using tethereal to capture a packet with a
specific field (eg. Ip address of 1.1.1.1 ) and then
modify the captured packet to send it out. I want this
to be an automated script that i can use for various
types of scnerios.
I can easily capture the packet and filter it based on
my field ( eg. Ip Address). But to modify the packet,
I need to know the offset in the packet, where the
field starts ( eg. src Ip address starts at byte 26 in
a typical case).
I want to avoid hardcoding the offset, since it can
easily lead to wrong results (eg. if Vlan tags are
enabled then everything shifts by 4 ).
Would someone know of a way to obtain the offset of a
certain field (eg. rsvp.msg == 1 returns the right
packet, but how do i know which byte in the packet is
rsvp.msg comparing against ? )
thanks,
Rohit
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users