Wireshark: Editing A Packet
There are many situations where you wish you could share a trace file with a vendor, but you can’t because the packets may contain sensitive data such as corporate identifying information, IP addresses, and passwords.
But now, Wireshark, the open source network analysis tool, has an experimental feature under Edit->Preferences called Enable Packet Editor which does exactly what it says. You can edit anything in the packet at any layer. In this video, I change a CDP device ID and CDP’s checksum.
This editing technique doesn’t scale well and isn’t practical if you need to modify 1,000 packets, but I still find it helpful and hope the Wireshark development team continues to build on this cool feature. I am surprised that Wireshark doesn’t have a more comprehensive packet edit tool, but I'm happy it's making headway.
As I mention in the video, there are some tools out there that will change the MAC address or IP address in all your packets like TraceWrangler, which I have used for a while.
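For the bulk case described above, here is an added Python example (not from the original post, and not how Wireshark or TraceWrangler work internally) that remaps every IPv4 address in a trace and updates the IPv4, TCP and UDP checksums incrementally per RFC 1624, so a checksum that was valid or invalid in the original capture stays that way. It assumes a classic pcap file (not pcapng) with untagged Ethernet frames; the names `sanitize_pcap` and `patch`, the 10.0.0.0/8 substitute range and the sample packet are constructed for this illustration.

```python
import ipaddress
import struct

def patch(pkt, off, old, new, udp=False):
    """RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), of the checksum at off."""
    hc = struct.unpack_from("!H", pkt, off)[0] if off + 2 <= len(pkt) else None
    if hc is None or (udp and hc == 0):   # cut off by snap length / UDP "no checksum"
        return
    s = ~hc & 0xFFFF
    for (o,), (n,) in zip(struct.iter_unpack("!H", old), struct.iter_unpack("!H", new)):
        s += (~o & 0xFFFF) + n
    while s >> 16:                        # fold carries (one's-complement sum)
        s = (s & 0xFFFF) + (s >> 16)
    hc = ~s & 0xFFFF
    struct.pack_into("!H", pkt, off, 0xFFFF if udp and hc == 0 else hc)

def sanitize_pcap(data, table):
    """Copy a classic Ethernet pcap, remapping untagged IPv4 addresses via table."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        incl = struct.unpack_from(endian + "I", data, pos + 8)[0]
        pkt = bytearray(data[pos + 16:pos + 16 + incl])
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and 0x45 <= pkt[14] <= 0x4F:
            old = bytes(pkt[26:34])       # source + destination address
            for a in (old[:4], old[4:]):  # hypothetical substitutes from 10.0.0.0/8
                table.setdefault(a, ipaddress.IPv4Address(0x0A000001 + len(table)).packed)
            new = table[old[:4]] + table[old[4:]]
            pkt[26:34] = new
            patch(pkt, 24, old, new)      # IPv4 header checksum
            l4 = 14 + (pkt[14] & 0x0F) * 4
            if (struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF) == 0:  # first fragment
                if pkt[23] == 6:          # TCP checksum covers the addresses too
                    patch(pkt, l4 + 16, old, new)
                elif pkt[23] == 17:       # as does UDP's
                    patch(pkt, l4 + 6, old, new, udp=True)
        out += data[pos:pos + 16] + pkt
        pos += 16 + incl
    return bytes(out)

# Constructed sample: one pcap record, UDP 192.0.2.10 -> 198.51.100.7, payload "test".
SAMPLE = bytes.fromhex(
    "d4c3b2a1 02000400 00000000 00000000 ffff0000 01000000"   # pcap file header
    "00000000 00000000 2e000000 2e000000"                     # record header
    "00005e005301 00005e005302 0800"                          # Ethernet
    "45000020 00010000 40118e87 c000020a c6336407"            # IPv4
    "3039 0035 000c fb48 74657374")                           # UDP + payload
```

MAC addresses and packet payloads are left as they are, so anything sensitive above the IP header still has to be dealt with before the file is shared. Passing the same `table` to later calls keeps the mapping consistent across several trace files.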
Please keep in mind that you should only share real corporate packets that you are familiar with and with vendors you trust. In my network troubleshooting work, I’ve received many trace files that contained more information than the customer was aware of, and the customer wouldn't be too happy about them being shared.