I have a pcap file to replay. I want to rewrite packet payload to include a timestamp. How can I do that with tcpreplay or tcprewrite? Is there a default option or should I implement it myself (modifying tcpreplay)? I have been reading these pages for a while and google did not help me either. Thanks in advance
PS: I don't want to modify the original size of the packet, since the data is not important overwriting is fine. If only option is to modify packet size, I am fine with that too.
That kind of editing isn't supported by tcpreplay/tcprewrite, so you'd have to write the code yourself. If you don't mind corrupting your packet data (which sounds like you're ok with) then it should be pretty easy by editing tcpedit.c.
If you are not bound to a command line tool, checkout netdude. It is GTK application which allows you to edit a packet trace using just a few clicks.
Here is a screenshot that shows the dialog to edit the TCP header fields.
(source: sourceforge.net)
The accompanying library libnetdude is the core of netdude. Write your own tool with it if the GUI provided by netdude does not meet your needs.
来源:https://stackoverflow.com/questions/9913826/adding-timestamps-to-packet-payload-with-tcpreplay