Wireshark-users: Re: [Wireshark-users] Whitewashing Packet Traces?

From: Dan Buckwalter <foobar@xxxxxxxxxxxxxxxxx>
Date: Sat, 28 Jul 2007 15:52:55 -0400

J. Andrew Kitkowski wrote:
Hey all:

I'm doing some troubleshooting in a client environ,
and we're using Wireshark to analyze CIFS traffic.

Problem is, they're a secure site, and require a
whitewash/screening process on all data before they
can send to us.

In this case, the trace was taken between a W2K3
server and a NetApp filer (just between two
interfaces/IPs), and we're looking for a way we can
basically whitewash the trace.  That is, basically
replace the IPs within the trace with other IPs
(change "10.100.100.1" to "192.168.1.1") and the same
for MACs.
However, unfortunately when opening traces with vi and
the like, the IPs are not listed in plaintext.

I checked all available docs, and did some Google
hunts. Is there a way to do this, basically take a
Wireshark trace file, then edit it to "swap out" data
like IPs and MACs?

Thanks for your time.
-Andy K


They could use tcprewrite (part of the tcpreplay suite) to sanitize the captures.
http://tcpreplay.synfin.net/trac/wiki/tcprewrite#tcprewrite


-Dan
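
A check the screening step could run on a capture after its headers have been rewritten, as an added example that is not part of the original thread: it scans a classic libpcap file for the original IP and MAC in binary, ASCII and UTF-16LE form, because CIFS payloads can carry the server address as a Unicode string (for example in a UNC path) that header rewriting does not touch. The MAC value, the sample capture and all function names are constructed for illustration.

```python
import socket
import struct

def read_pcap(data):
    """Yield (index, frame) from a classic libpcap file (pcapng is not handled)."""
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    pos, idx = 24, 0                          # skip the 24-byte global header
    while pos + 16 <= len(data):              # 16-byte per-record header
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        yield idx, data[pos + 16 : pos + 16 + incl_len]
        pos, idx = pos + 16 + incl_len, idx + 1

def needles(ip, mac):
    """Encodings in which an original address can still be present."""
    return {
        "ip-binary": socket.inet_aton(ip),        # IP/ARP headers (why vi shows nothing)
        "ip-ascii": ip.encode("ascii"),           # text protocols
        "ip-utf16le": ip.encode("utf-16-le"),     # SMB/CIFS Unicode strings, e.g. UNC paths
        "mac-binary": bytes.fromhex(mac.replace(":", "")),
    }

def find_leaks(pcap_bytes, ip, mac):
    """Return sorted (frame_index, encoding) hits; substring matches over-report by design."""
    pats = needles(ip, mac)
    return sorted((i, name) for i, frame in read_pcap(pcap_bytes)
                  for name, pat in pats.items() if pat in frame)

def sample_capture():
    """Constructed capture: headers carry the replacement IPs, one payload does not."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")   # constructed MACs
    iph = (b"\x45" + b"\x00" * 7 + b"\x40\x06\x00\x00"           # unscanned fields zeroed
           + socket.inet_aton("192.168.1.2") + socket.inet_aton("192.168.1.1"))
    unc = "\\\\10.100.100.1\\share".encode("utf-16-le")          # constructed payload
    frames = [eth + iph + b"\x00" * 20, eth + iph + b"\x00" * 20 + unc]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Original IP from the thread; the MAC is a constructed placeholder.
    print(find_leaks(sample_capture(), "10.100.100.1", "00:a0:98:aa:bb:cc"))
```

Any hit means the trace needs another pass before it leaves the site; a four-byte binary match inside a payload can be coincidental, so hits are candidates for review rather than proof of a leak.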