On Mon, Nov 16, 2009 at 7:23 AM, VU, KENNY (ATTSI) <[email protected]> wrote: > I use editcap to extract RTP packets from a wiershark file. The packets are > renamed "UDP" under the Protocol column instead of staying as "RTP". > > > > How can I change the protocol marking back to RTP?
This is a wireshark issue, but basically you removed packets which allowed Wireshark to know the UDP packets in question were RTP packets. Wireshark often uses data from one flow to know how to decode another flow- especially for media protocols. > I use the following command to change IP 12.120.198.12 to 12.120.198.138 in > a Wireshark pcap file > > > > tcprewrite --infile=in.pcap --outfile=out.pcap -S 12.120.198.12 > --srcipmap=12.120.198.138 > > The OS is Linux 2.6.9-5, and version of the tcprewrite is 3.4.0, build 2145. > > > > The following error was returned: > > Only one srcipmap option allowed. Options are specified by doubled hyphens > and their name or by a single hyphen and the flag character. > > > > I tried to change the command using different combinations of "-- or -", "= > or a blank", "= or #", but to no avail. > > > > What is the right format to use? Concrete examples in the manual would be > helpful. As the man page says, the --srcipmap option uses the same format as --pnat, so you use a colon between the old/new IP: --srcipmap=12.120.198.12:12.120.198.138 > Also I need to change the time stamps of the packets. What tool can I use, > and how Netdude would work. Without knowing how you want to change the timestamps it's hard to give you a better solution. Good luck! -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
