Wireshark-dev: Re: [Wireshark-dev] How to capture original packet ?
From: Jaap Keuter <[email protected]>
Date: Fri, 12 Oct 2007 07:50:42 +0200

My advice: Stay away from NISTnet. It's outdated, and buggy. A far more clean and maintained solution is the netem feature of the Linux Kernel.
See http://linux-net.osdl.org/index.php/Netem


Maynard, Chris wrote:
Shunra also offers some excellent products, but I recall them being rather expensive. (http://www.shunra.com/products)
Most of the time I simply use Nistnet for this purpose though: http://www-x.antd.nist.gov/nistnet/ <http://www-x.antd.nist.gov/nistnet/> . It's free.
- Chris


From: [email protected] on behalf of Lars Ruoff
Sent: Thu 10/11/2007 5:26 AM
To: 'Developer support list for Wireshark'
Cc: 'jayesh agrawal'; [email protected]; 'Kartik Nibjiya Studyin .... Wat else ???'
Subject: Re: [Wireshark-dev] How to capture original packet ?

Hello Vivek,

Maybe you're mxing up some things.
From what you write I conclude that what you actually might want to do is
"intercept" (=prevent that it is receptioned on a higher layer) a packet,
rather than just "capture" (=get a copy of its content) it.
If so, then Wireshark is not the tool to do it.
And I doubt that there is any tool for doing this easily.
If you want a machine that stands in a transmission path and adds delay (or
other perturbations) to packets, then what you need is probably a PC with
two network interfaces, capturing from one, applying the perturbation and
then playing back onto the other.
Some comercial solutions based on this principle exist: Netdisturb, Internet
Simlulator, ...

Lars Ruoff

        On 10/11/07, Vivek Satpute <[email protected]> wrote:

                Respected Sir/Madam,
I am student of Pune University, doing project on WAN
I have following query :
                wireshark uses the libpcap library which gives the copy of
                So, How to capture the original packet at data link layer or
network layer ?
We want to experiment the behavior by adding delays to those
packets, and
                that is why we want the actual packet and a copy of packet
wont serve purpose.
Thanks in advance.