问题
I have a pcap file to replay. I want to rewrite packet payload to include a timestamp. How can I do that with tcpreplay or tcprewrite? Is there a default option or should I implement it myself (modifying tcpreplay)? I have been reading these pages for a while and google did not help me either. Thanks in advance
PS: I don't want to modify the original size of the packet, since the data is not important overwriting is fine. If only option is to modify packet size, I am fine with that too.
回答1:
That kind of editing isn't supported by tcpreplay/tcprewrite, so you'd have to write the code yourself. If you don't mind corrupting your packet data (which sounds like you're ok with) then it should be pretty easy by editing tcpedit.c.
回答2:
If you are not bound to a command line tool, checkout netdude. It is GTK application which allows you to edit a packet trace using just a few clicks.
Here is a screenshot that shows the dialog to edit the TCP header fields.
(source: sourceforge.net)
The accompanying library libnetdude is the core of netdude. Write your own tool with it if the GUI provided by netdude does not meet your needs.
来源:https://stackoverflow.com/questions/9913826/adding-timestamps-to-packet-payload-with-tcpreplay