Thursday, May 21, 2009

Editcap: Discard unwanted frames

With editcap you can remove multiple frames (people generally call them packets) that you don't want. For example, if I want to remove frames 40, 69, 71, 113 and 115 from mail.pcap -

shell>editcap mail.pcap mail-modified.pcap 40 69 71 113 115
Add_Selected: 40
Not inclusive ... 40
Add_Selected: 69
Not inclusive ... 69
Add_Selected: 71
Not inclusive ... 71
Add_Selected: 113
Not inclusive ... 113
Add_Selected: 115
Not inclusive ... 115

Check with capinfos -

shell>capinfos -c mail.pcap
File name: mail.pcap
Number of packets: 173

shell>capinfos -c mail-modified.pcap
File name: mail-modified.pcap
Number of packets: 168

Quick and easy!

Cheers (;])
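capinfos -c only confirms the packet count, not which frames went missing. The sketch below is an added example, not part of the original post: it compares two captures and reports the 1-based frame numbers that were dropped. It assumes both files are classic pcap (pass `-F pcap` to editcap if yours defaults to pcapng); the function names and the 173-frame sample standing in for mail.pcap are constructed for illustration.

```python
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond pcap
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond pcap

def read_frames(blob):
    """Parse a classic pcap blob into a list of (ts_sec, ts_frac, orig_len, data)."""
    endian = MAGICS.get(blob[:4])
    if endian is None or len(blob) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    frames, off = [], 24                      # skip the 24-byte global header
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, frac, caplen, origlen = struct.unpack_from(endian + "IIII", blob, off)
        data = blob[off + 16:off + 16 + caplen]
        if len(data) != caplen:
            raise ValueError("truncated packet data")
        frames.append((sec, frac, origlen, data))
        off += 16 + caplen
    return frames

def write_pcap(frames):
    """Serialise frames as little-endian pcap, link type 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for sec, frac, origlen, data in frames:
        out.append(struct.pack("<IIII", sec, frac, len(data), origlen) + data)
    return b"".join(out)

def drop_frames(blob, numbers):
    """Same effect as editcap's default mode: delete the listed 1-based frames."""
    unwanted = set(numbers)
    return write_pcap([f for n, f in enumerate(read_frames(blob), 1) if n not in unwanted])

def dropped_frames(original, modified):
    """1-based frame numbers of original missing from modified (later one of identical neighbours)."""
    mod, j, missing = read_frames(modified), 0, []
    for n, frame in enumerate(read_frames(original), 1):
        if j < len(mod) and mod[j] == frame:
            j += 1                            # frame survived, advance in modified
        else:
            missing.append(n)
    if j != len(mod):
        raise ValueError("modified capture is not a subset of the original")
    return missing

def sample_capture(count=173):
    """Constructed stand-in for mail.pcap: `count` unique dummy frames."""
    return write_pcap([(1242864000 + i, 0, 8, b"frame%03d" % i) for i in range(count)])
```

On real files, read both captures with `open(path, "rb").read()` and pass the bytes to `dropped_frames`.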
