Menu
I want to delete certain packets (which I don't want to be part of my new pcap file) from the wireshark file (Copy of the original pcap file) via Java code.
Is it possible to create a new pcap file with certain packets removed?
634
Pcap isn't a format specific to Wireshark, Wireshark just happens to be able to both perform a packet capture and save it in a pcap format, as well as process pcap files for you to view, so you could probably remove the Wireshark part of the question and just ask how to manipulate pcap files using java. This would be far easier than trying to work out how to use Java to work with Wireshark to produce the resultant packet capture.
In terms of manipulating a pcap file in Java, there are many third party libraries available that expose the pcap format, or wrappers for the pcap libraries, and I suppose in most of them there would be some way to filter the captured data and save it back to a file.
Check out http://code.google.com/p/sjpcap/ which is a simple alternative to the popular wrapper http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/ both of which are able to process/filter/manipulate pcap files. The latter is more complex and potentially overkill for what you are doing.
91
answered Sep 21 '25 13:09
The easy way:
tshark to filter the original pcap file.For example: If I need to filter the pcap files to keep only UDP traffic, so you can do:
tshark -r originl.pcap -w filtered.pcap -Y "udp"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
