Menu
i have a pcap file captured using wireshark. suppose the pcap has 6 packets numbered from 1 to 6 as shown below. now i want to edit this pcap file so that i get the packets in some different order. For eg, if original pcap packets are
1,2,3,4,5,6
i want a new pcap after editing, where now packets are in the order (say for example) as :
2,3,1,4,5,6
similarly i can have some other order for eg, 2,4,5,6,1,3 or any other order.
Can anyone let me know how can i do that ? (may be using wireshark or any other method). any help will be greatly appreciated. thanks
289
You can use combination of editcap and mergecap
To solve your problem:
editcap -r in.pcap tmp1 2-3
editcap -r in.pcap tmp2 1
editcap -r in.pcap tmp3 4-6
mergecap -w out.pcap -a tmp1 tmp2 tmp3
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
