Wireshark · Ethereal-users: [Ethereal-users] Rewriting a Destination MAC Address Field

Ethereal-users: [Ethereal-users] Rewriting a Destination MAC Address Field

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 31 Jan 2001 20:45:17 -0800

I apologize if this is already answered in the archives but I couldn't
seem to find so I'll ask anyway.

I receive analyzer files in various formats that I use ethereal to
translate. Recently the requirement came up to
change certain fields in these trace files and rewrite them. For
example, I might want to change a Destination MAC address field for all
packets that have a 00:00:00:00:00:00 in that position. I want to keep
the same file and only modify that address in the records that
have it. I want to preserve the file except for this.

First Question:

Is there an easy way with tethereal or editcap to do this ?

Second Question:

I know I can write an intermediate file in pcap format. Are there any
pre-built routines that will let me match and substitute ?

-C

Prev by Date: Re: [Ethereal-users] http.request display filter
Previous by thread: Re: [Ethereal-users] http.request display filter
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$