Hi Andy, Lots of interesting suggestions - one that I have used which works decently is the bittwist family (works on most platforms including Windows with pre-built binaries available). Just make sure you heed Guy's warning - there are many other embedded fields and it's hard to get them all in a completely automated fashion.
http://bittwist.sourceforge.net/ --Jim > -----Original Message----- > Hey all: > > I'm doing some troubleshooting in a client environ, > and we're using Wireshark to analyze CIFS traffic. > > Problem is, they're a secure site, and require a > whitewash/screening process on all data before they > can send to us. > > In this case, the trace was taken between a W2K3 > server and a Netapp filer (just between two > interfaces/IPs), and we're looking for a way we can > basically whitewash the trace. That is, basically > replace the IPs within the trace with other IPs > (change "10.100.100.1" to "192.168.1.1") and the same > for MACs. > > However, unfortunately when opening traces with vi and > the like, the IPs are not listed in plaintext. > > I checked all available docs, and did some google > hunts. Is there a way to do this, basically take a > Wireshark trace file, then edit it to "swap out" data > like IPs and MACs? > > Thanks for your time. > -Andy K > _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users