Hi Andy,
Lots of interesting suggestions - one that I have used which works
decently is the bittwist family (works on most platforms including
Windows with pre-built binaries available). Just make sure you heed
Guy's warning - there are many other embedded fields and it's hard to
get them all in a completely automated fashion.
http://bittwist.sourceforge.net/
--Jim
> -----Original Message-----
> Hey all:
>
> I'm doing some troubleshooting in a client environ,
> and we're using Wireshark to analyze CIFS traffic.
>
> Problem is, they're a secure site, and require a
> whitewash/screening process on all data before they
> can send to us.
>
> In this case, the trace was taken between a W2K3
> server and a Netapp filer (just between two
> interfaces/IPs), and we're looking for a way we can
> basically whitewash the trace. That is, basically
> replace the IPs within the trace with other IPs
> (change "10.100.100.1" to "192.168.1.1") and the same
> for MACs.
>
> However, unfortunately when opening traces with vi and
> the like, the IPs are not listed in plaintext.
>
> I checked all available docs, and did some google
> hunts. Is there a way to do this, basically take a
> Wireshark trace file, then edit it to "swap out" data
> like IPs and MACs?
>
> Thanks for your time.
> -Andy K
>