Wireshark · Wireshark-users: Re: [Wireshark-users] How to replace IP addresses in a trace file?

Wireshark-users: Re: [Wireshark-users] How to replace IP addresses in a trace file?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 22 Sep 2006 17:24:46 -0700


On Sep 22, 2006, at 12:27 PM, P Li wrote:

Hello, I want to use a trace file in a demo. Is it possible to
manipulate part of the IP addresses without changing other information
(timestamp, flags etc.). For instance, how can I change all the IP
addresses 10.1.x.x to 192.168.x.x in a trace file? It seems Editcap
can not do this. Any tools?

If the trace files are in libpcap format (the standard format forWireshark), you might be able to use some of the Internet TrafficArchive tools:


	http://ita.ee.lbl.gov/html/software.html

or modify those tools to do what you want. (tcpdpriv is orientedtowards hiding network information; I don't see any obvious indicationof a way to get it to do *particular* mappings of IPv4 addresses, soyou might have to modify it to add such an option.)

References:
- [Wireshark-users] How to replace IP addresses in a trace file?
  - From: P Li

Prev by Date: Re: [Wireshark-users] IEC 60870-5-104 Plugin?
Next by Date: Re: [Wireshark-users] Playing trace/capture file in tcpreplay and reading out w/wireshark, using lo0
Previous by thread: [Wireshark-users] How to replace IP addresses in a trace file?
Next by thread: [Wireshark-users] Child capture process died: Segmentation violation - core dumped
Index(es):
- Date
- Thread