tcpdump mailing list archives
Re: Tools for stripping parts of a pcap file?
From: Guy Harris <guy () alum mit edu>
Date: Sun, 13 May 2007 10:06:29 -0700
Luis Martin Garcia wrote:
Well, you can open your pcap file with Wireshark (ethereal), select the packets you want using the filter and saving them using the standard "save as" option.
He doesn't want packets saved as is, he wants *transformed* versions of the packets written to the new file:
sthaug () nethelp no wrote:Does anybody know of a good tool for stripping parts of the packets in a pcap file? Say I have a pcap file containing GRE encapsulated info, and I want to strip the outer IP + GRE headers and leave the rest, writing out the result to another (valid) pcap file
I don't know of any tool that would do that, although it might not be *too* painful to write one to do that particular operation.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Tools for stripping parts of a pcap file? sthaug (May 13)
- Re: Tools for stripping parts of a pcap file? Luis Martin Garcia (May 13)
- Re: Tools for stripping parts of a pcap file? Guy Harris (May 13)
- Re: Tools for stripping parts of a pcap file? sthaug (May 13)
- Re: Tools for stripping parts of a pcap file? Luis Martin Garcia (May 13)
- Re: Tools for stripping parts of a pcap file? Bruce M. Simpson (May 13)
- Re: Tools for stripping parts of a pcap file? Luis Martin Garcia (May 13)