Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?
From: "Maynard, Chris" <[email protected]>
Date: Thu, 11 Oct 2007 08:17:19 -0400
Shunra also offers some excellent products, but I recall them being rather expensive. (http://www.shunra.com/products)
Most of the time I simply use Nistnet for this purpose though: http://www-x.antd.nist.gov/nistnet/ <http://www-x.antd.nist.gov/nistnet/> .  It's free.
- Chris


From: [email protected] on behalf of Lars Ruoff
Sent: Thu 10/11/2007 5:26 AM
To: 'Developer support list for Wireshark'
Cc: 'jayesh agrawal'; [email protected]; 'Kartik Nibjiya Studyin .... Wat else ???'
Subject: Re: [Wireshark-dev] How to capture original packet ?

Hello Vivek,

Maybe you're mxing up some things.
From what you write I conclude that what you actually might want to do is
"intercept" (=prevent that it is receptioned on a higher layer) a packet,
rather than just "capture" (=get a copy of its content) it.
If so, then Wireshark is not the tool to do it.
And I doubt that there is any tool for doing this easily.
If you want a machine that stands in a transmission path and adds delay (or
other perturbations) to packets, then what you need is probably a PC with
two network interfaces, capturing from one, applying the perturbation and
then playing back onto the other.
Some comercial solutions based on this principle exist: Netdisturb, Internet
Simlulator, ...

Lars Ruoff

        On 10/11/07, Vivek Satpute <[email protected]> wrote:

                Respected Sir/Madam,
                I am student of Pune University, doing project on WAN
                I have following query :
                wireshark uses the libpcap library which gives the copy of
                So, How to capture the original packet at data link layer or
network layer ?
                We want to experiment the behavior by adding delays to those
packets, and
                that is why we want the actual packet and a copy of packet
wont serve purpose.
                Thanks in advance.

                Wireshark-dev mailing list
                [email protected]

Wireshark-dev mailing list
[email protected]

This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.