There are a number of ways to modify packet data.

There are many so search for and use whichever one works for you. Maybe have a look at this Comparison of hex editors to help guide you. I'll also note that Notepad++ has a hex editor plugin available in case that's of any interest to you.

From Wireshark, you can export your packets to a Plain Text file via "File -> Export Packet Dissections -> As Plain Text" with the Packet Format options set so that only the Packet Bytes are exported, and then use any text editor to modify the packet data as needed. After that, you can use text2pcap to convert the modified text file back to a binary pcap file that can then be loaded back into Wireshark, or you can use Wireshark's built-in functionality to directly import the text file containing the modified hex dump of the packets you previously exported via "File -> Import From Hex Dump".

NOTE that when editing packets, especially when adding/removing bytes, you will likely need to make other adjustments as well in order for the packets to still make sense. This is because there are often length fields embedded in the packet data, so you need to be sure that the new length matches the data. And you might have to make changes in several places. And if you care about correct checksums/CRCs, then you may have to adjust those fields as well.
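The note about length fields and checksums, worked through for one common case, as an added example that is not part of the original answer: replacing the UDP payload of a frame and then repairing every field that depends on it, before writing a hex dump for text2pcap. It assumes an untagged Ethernet II / IPv4 / UDP frame; the function names and the sample frame are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def replace_udp_payload(frame: bytes, payload: bytes) -> bytes:
    """Swap the UDP payload and fix the four fields that depend on it."""
    eth, ip = frame[:14], bytearray(frame[14:])
    if eth[12:14] != b"\x08\x00" or ip[0] >> 4 != 4 or ip[9] != 17:
        raise ValueError("expected Ethernet II / IPv4 / UDP")
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    udp = bytearray(ip[ihl:ihl + 8]) + payload
    struct.pack_into("!H", udp, 4, len(udp))       # 1. UDP length
    struct.pack_into("!H", udp, 6, 0)              # zero checksum before summing
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
    csum = inet_checksum(pseudo + bytes(udp)) or 0xFFFF  # 0 would mean "none"
    struct.pack_into("!H", udp, 6, csum)           # 2. UDP checksum
    hdr = ip[:ihl]
    struct.pack_into("!H", hdr, 2, ihl + len(udp)) # 3. IPv4 total length
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, inet_checksum(bytes(hdr)))  # 4. IPv4 checksum
    return eth + bytes(hdr) + bytes(udp)

def hexdump(frame: bytes) -> str:
    """Offset followed by hex bytes, 16 per line, as text2pcap reads it."""
    return "\n".join(
        f"{off:06x} " + " ".join(f"{b:02x}" for b in frame[off:off + 16])
        for off in range(0, len(frame), 16)) + "\n"

# Constructed sample: 192.0.2.1:5000 -> 192.0.2.2:5001, payload "hello",
# checksums left as zero because they are recomputed anyway.
SAMPLE = bytes.fromhex(
    "020000000002 020000000001 0800"
    "4500002100010000 40110000 c0000201 c0000202"
    "13881389000d0000") + b"hello"

if __name__ == "__main__":
    print(hexdump(replace_udp_payload(SAMPLE, b"hello, world")), end="")
```

Saving the printed output to a file gives text that can be converted with text2pcap or loaded through "File -> Import From Hex Dump".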