Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 11 Oct 2007 16:21:54 -0400

FreeBSD's dummynet (part of its ipfw module):

http://www.freebsd.org/cgi/man.cgi?query=dummynet&apropos=0&sektion=4&manpath=FreeBSD+6.2-stable&format=html

is also quite a good WAN emulator (and much more stable than my last experience with Nistnet).

Maynard, Chris wrote:
Shunra also offers some excellent products, but I recall them being rather expensive. (http://www.shunra.com/products)
Most of the time I simply use Nistnet for this purpose though: http://www-x.antd.nist.gov/nistnet/ <http://www-x.antd.nist.gov/nistnet/> . It's free.
- Chris


________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Lars Ruoff
Sent: Thu 10/11/2007 5:26 AM
To: 'Developer support list for Wireshark'
Cc: 'jayesh agrawal'; sanjay.raghani@xxxxxxxxx; 'Kartik Nibjiya Studyin .... Wat else ???'
Subject: Re: [Wireshark-dev] How to capture original packet ?



Hello Vivek,

Maybe you're mxing up some things.
From what you write I conclude that what you actually might want to do is
"intercept" (=prevent that it is receptioned on a higher layer) a packet,
rather than just "capture" (=get a copy of its content) it.
If so, then Wireshark is not the tool to do it.
And I doubt that there is any tool for doing this easily.
If you want a machine that stands in a transmission path and adds delay (or
other perturbations) to packets, then what you need is probably a PC with
two network interfaces, capturing from one, applying the perturbation and
then playing back onto the other.
Some comercial solutions based on this principle exist: Netdisturb, Internet
Simlulator, ...

Regards,
Lars Ruoff


        On 10/11/07, Vivek Satpute <vivekonline86@xxxxxxxxx> wrote:

                Respected Sir/Madam,
I am student of Pune University, doing project on WAN
Emulator.
I have following query :
                wireshark uses the libpcap library which gives the copy of
packet.
                So, How to capture the original packet at data link layer or
network layer ?
We want to experiment the behavior by adding delays to those
packets, and
                that is why we want the actual packet and a copy of packet
wont serve purpose.
Thanks in advance.