Saturday, July 01, 2006

Another Pcap File Editor - Bittwiste

If you feel that l33tness is important and you would like to do stuffs in CLI instead of GUI, no problem!!!!! Instead of using netdude, you can actually use bittwiste. What is bittwiste, it is a command line based pcap file editor that bundled with bit-twist(Libpcap-based Ethernet packet generator).

For more information, you can check out more info at it's main site, I pretty like the bittwiste reference sheet that located at

http://bittwist.sourceforge.net/doc/bittwiste_options_s.jpg

To change the destination address to 10.0.0.2, you can just run

shell>bittwiste -I /nsm/pcap/testing.pcap \
-O /nsm/pcap/testing1.pcap -T ip -d 10.0.0.2

To confirm that I have edited it correctly, I run tcpdump to check the output,

shell>tcpdump -qeXXttttnr /nsm/pcap/testing1.pcap -c 8


Bittwiste will automatically fix the checksum value as well, it is very quick and neat tool to modify pcap file indeed. Credit goes to Addy who create this interesting tool.

Peace :]

4 comments:

Anonymous said...

Hi Lee!
Appreciate your review on the Bit-Twist project very much :)

The Windows port for it came it late though. But it is up now.

p/s:
bittwiste reference sheet is actually located here http://bittwist.sourceforge.net/doc/bittwiste_options.jpg
- eventually a GUI-based bittwiste will be built around the reference sheet, eventually... :)

C.S.Lee said...

hey addy,

No problem, I seriously like bittwist for it's simplicities and flexibilities.

Ah, the gui-based bittwiste? Anyway I would like to see the practical use of bittwistb too.

SUBBU said...

Hi how do i change the source IP address and the destination MAC Address. I tried the options given but it dosent seem to change

Anonymous said...

you can use new tool called packetsquare-capedit [www.packetsquare.com]