On Jun 21, 2010, at 12:58 PM, prashanth s wrote: > I need to alter a few of the fields in the pcap for the higher level > protocols such as MAPI and then write those fields back to the pcap. Could > any one please tell me how to do it?
Do it in Wireshark, or do it in some other tool? We don't, and won't, support that in Wireshark dissectors; they are forever forbidden from modifying the data they're handed. If you think you need to do it in Wireshark, please explain what you're trying to do, and we'll tell you the way it's done (which probably involves creating a new tvbuff with the modified data and handing that to subdissectors - that's how both decryption, decompression, and fragment reassembly are done, for example). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
