As I stated in a comment on your other related question, editcap does NOT transform the contents of packets; it will not, for example, take packets with Linux cooked capture headers, remove the cooked capture headers, and construct Ethernet headers by:

- using the link-layer address (assuming it's 6 octets long; if not, it'd have to construct a fake one) as the source or destination address depending on whether the packet was sent by or received by the capturing host.
- constructing a fake address for the other MAC address.
- constructing a type/length field value depending on the "protocol type" field.

Text2pcap might help here, but it's not sufficient. You could take the packets, print their time stamps and raw hex data, write a program (in whatever language) to do the transformation described above and write the resulting file out, and then turn it into a pcap file using text2pcap.
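A sketch of the transformation described in the answer, added here as an example and not code from the original post. It assumes the 16-byte LINKTYPE_LINUX_SLL (v1) header layout, treats the recorded link-layer address as the sender's, and uses constructed placeholder MAC addresses; the function names are hypothetical.

```python
import struct

# SLL v1 header: packet type, ARPHRD type, address length, address (8 bytes), protocol
SLL_HDR = struct.Struct("!HHH8sH")
# Constructed placeholder MACs (locally administered), not real hardware addresses
FAKE_SELF = bytes.fromhex("020000000001")
FAKE_PEER = bytes.fromhex("020000000002")
FAKE_MCAST = bytes.fromhex("030000000001")  # group bit set
BROADCAST = b"\xff" * 6


def sll_to_ethernet(frame: bytes) -> bytes:
    """Swap a 16-byte Linux cooked header for a 14-byte Ethernet header."""
    if len(frame) < SLL_HDR.size:
        raise ValueError("frame shorter than an SLL header")
    pkttype, _arphrd, alen, addr, proto = SLL_HDR.unpack_from(frame)
    payload = frame[SLL_HDR.size:]
    sent_by_us = pkttype == 4
    # Use the recorded address only when it is exactly 6 octets long.
    src = addr[:6] if alen == 6 else (FAKE_SELF if sent_by_us else FAKE_PEER)
    # The other MAC is not in the capture: fake it from the packet type.
    if sent_by_us:
        dst = FAKE_PEER
    else:
        dst = {1: BROADCAST, 2: FAKE_MCAST}.get(pkttype, FAKE_SELF)
    # >= 0x0600 is an EtherType; smaller values mark 802.3-style frames,
    # which carry a length in that field instead.
    if proto >= 0x0600:
        type_len = proto
    elif len(payload) <= 1500:
        type_len = len(payload)
    else:
        raise ValueError("payload too long for an 802.3 length field")
    return dst + src + struct.pack("!H", type_len) + payload


def to_text2pcap(frame: bytes) -> str:
    """Render one frame as the offset-prefixed hex dump text2pcap reads."""
    rows = (frame[i:i + 16] for i in range(0, len(frame), 16))
    return "".join(f"{i * 16:06x}  {row.hex(' ')}\n" for i, row in enumerate(rows))


# Constructed sample: unicast IPv4 packet received from 00:11:22:33:44:55
SAMPLE = SLL_HDR.pack(0, 1, 6, bytes.fromhex("001122334455") + b"\0\0", 0x0800) \
    + bytes.fromhex("4500001c")

if __name__ == "__main__":
    print(to_text2pcap(sll_to_ethernet(SAMPLE)), end="")
```

The rewritten frames no longer record which addresses were real, so keep the original cooked capture alongside any converted file used as evidence.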