Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?

From: "Lars Ruoff" <lars.ruoff@xxxxxxxxxxxxxxxxx>
Date: Thu, 11 Oct 2007 11:26:43 +0200
Hello Vivek,
 
Maybe you're mxing up some things.
>From what you write I conclude that what you actually might want to do is
"intercept" (=prevent that it is receptioned on a higher layer) a packet,
rather than just "capture" (=get a copy of its content) it.
If so, then Wireshark is not the tool to do it.
And I doubt that there is any tool for doing this easily.
If you want a machine that stands in a transmission path and adds delay (or
other perturbations) to packets, then what you need is probably a PC with
two network interfaces, capturing from one, applying the perturbation and
then playing back onto the other.
Some comercial solutions based on this principle exist: Netdisturb, Internet
Simlulator, ...

Regards,
Lars Ruoff


	On 10/11/07, Vivek Satpute <vivekonline86@xxxxxxxxx> wrote: 

		Respected Sir/Madam,
		
		I am student of Pune University, doing project on WAN
Emulator. 
		
		I have following query : 
		wireshark uses the libpcap library which gives the copy of
packet. 
		So, How to capture the original packet at data link layer or
network layer ? 
		
		We want to experiment the behavior by adding delays to those
packets, and 
		that is why we want the actual packet and a copy of packet
wont serve purpose. 
		
		
		Thanks in advance.
		

		_______________________________________________
		Wireshark-dev mailing list
		Wireshark-dev@xxxxxxxxxxxxx
		http://www.wireshark.org/mailman/listinfo/wireshark-dev