Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?
From: "Lars Ruoff" <[email protected]>
Date: Thu, 11 Oct 2007 11:26:43 +0200
Hello Vivek,
Maybe you're mxing up some things.
>From what you write I conclude that what you actually might want to do is
"intercept" (=prevent that it is receptioned on a higher layer) a packet,
rather than just "capture" (=get a copy of its content) it.
If so, then Wireshark is not the tool to do it.
And I doubt that there is any tool for doing this easily.
If you want a machine that stands in a transmission path and adds delay (or
other perturbations) to packets, then what you need is probably a PC with
two network interfaces, capturing from one, applying the perturbation and
then playing back onto the other.
Some comercial solutions based on this principle exist: Netdisturb, Internet
Simlulator, ...

Lars Ruoff

	On 10/11/07, Vivek Satpute <[email protected]> wrote: 

		Respected Sir/Madam,
		I am student of Pune University, doing project on WAN
		I have following query : 
		wireshark uses the libpcap library which gives the copy of
		So, How to capture the original packet at data link layer or
network layer ? 
		We want to experiment the behavior by adding delays to those
packets, and 
		that is why we want the actual packet and a copy of packet
wont serve purpose. 
		Thanks in advance.

		Wireshark-dev mailing list
		[email protected]