Ethereal-users: RE: [Ethereal-users] Newbie question about creating input to text2pcap

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Donnie Hale" <donnie@xxxxxxxxxxxxxx>
Date: Tue, 13 Apr 2004 01:39:35 -0400
Guy,

Thanks for the response. I went down the libpcap route a ways, and it would
work. I was having a few challenges getting the TCP checksum stuff to work
right (IP was OK), so that's when I started looking at ethereal utilities.
Overall, it seems like your utilities and framework for tools would be a
better approach. Now I just have to figure out the best way within the
ethereal paradigm... :)

Donnie


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: Tuesday, April 13, 2004 12:51 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] Newbie question about creating input to
text2pcap


On Mon, Apr 12, 2004 at 07:23:05PM -0400, Donnie Hale wrote:
> Is there a utility in the ethereal suite which will create a hex dump file
> that will feed correctly into text2pcap?

Not really - the original idea behind text2pcap was that it would let
you turn various hex dumps of packets into files that could be read by
tools that read libpcap-format files, not that it'd be a tool for doing
those sorts of transformations.  Nobody's written a tool of the sort you
describe and contributed it to us.

> Also, if I modify the payload
> portion of such packets, it appears that text2pcap doesn't correct the TCP
> checksum. Can I force it to do that?

No, it has no option to do that.

> Here's what I'm trying to do. Given an existing capture file, let's say in
> pcap format, I want to massage its contents some and create a new, valid
> capture file.

You might consider writing a program that uses libpcap to read packets
from a capture file, massage them, and write packets to a new capture
file; you could do it in C, using libpcap directly, or, for example,
write it in Perl using Net::Pcap.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users