wheafrican.blogg.se

Wireshark capture ip address

I'm sure you've bumped into situations where you needed to fake an IP address in a capture file. This may be required when you're trying to send the capture file to someone that you don't really share your real IPs with, or you just want to change it because you can. If you've tried this and looked around the interwebs, you'd surely know that there aren't many guides available and most people would just casually tell you to "just use sed" or to use "WireEdit" and pay some fees for their license. Now, both work, but I just got pissed off in a particular situation where sed wasn't an option (the file was literally a few GB in size and most text editors would just freeze) and, to make things worse, I needed to filter out a lot of info and only keep the source and destination IP addresses in there for privacy's sake. Yeah, that means removing all those noises like DNS, UDP, Broadcast, Cisco ARP, MDNS (yes, that too), SSDP … yes, pretty much anything except TCP/UDP, HTTP and TLS traffic between my server and the destination server.

So, in summary, I had to filter out all of these noises and change the IP address in the packet capture file to hide the source IP address; this is similar to faking an IP address in packet captures. You can also use other tools to do it on the fly, but they require more setup and all I wanted to do was hide my source IP. To make things easier for this guide, I will just use a browser and browse to.

This would generate some TCP, HTTP and TLS traffic along with some other noises that I will filter in Wireshark and then change my workstation IP address (192.168.2.99) to the Google DNS IP address (8.8.8.8). (This is a super quick dump of the process, so excuse the typos.)

Let's begin:

Step 1: Filter pcap for source and destination

Simply filter for what you want to see in your pcap. In my case, it was IP address for and server.

ip.addr == 104.28.23.87 && ip.addr == 192.168.2.99

As you can see, I've marked the IP filter and the source and destination. I want to change my source IP 192.168.2.99 to something else here. I can very well change my destination IP address as well, but let's just keep it simple here. This is not really necessary, but I wanted to show this so that you know what we're dealing with here.
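The filter-and-replace described above can be done in one streaming pass, so a multi-GB capture never has to fit in memory or in a text editor. The following is an added example, not code from the original post: the function names are hypothetical, it assumes a classic microsecond pcap with Ethernet framing (a pcapng file can be converted first with `editcap -F pcap`), and it goes one step further than the text by adjusting the IPv4 and TCP/UDP checksums so the edited packets still validate.

```python
import struct
import sys

def csum_fixup(csum: int, old_ip: bytes, new_ip: bytes) -> int:
    """RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), per changed 16-bit word."""
    total = ~csum & 0xFFFF
    for o, n in zip(struct.unpack("!2H", old_ip), struct.unpack("!2H", new_ip)):
        total += (~o & 0xFFFF) + n
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def patch(pkt: bytearray, at: int, old: bytes, new: bytes) -> None:
    """Adjust the checksum stored at pkt[at:at+2], if the capture includes it."""
    if at + 2 <= len(pkt):
        pkt[at:at + 2] = csum_fixup(int.from_bytes(pkt[at:at + 2], "big"), old, new).to_bytes(2, "big")

def rewrite_pcap(src, dst, old_ip: str, new_ip: str, peer_ip: str) -> int:
    """Stream classic pcap src -> dst, keep only IPv4 packets exchanged between
    old_ip and peer_ip, and replace old_ip with new_ip. Returns packets kept."""
    old, new, peer = (bytes(map(int, ip.split("."))) for ip in (old_ip, new_ip, peer_ip))
    ghdr = src.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(ghdr[:4])  # usec magic
    if endian is None or struct.unpack(endian + "I", ghdr[20:24])[0] != 1:
        raise ValueError("need a classic (non-pcapng, microsecond) Ethernet capture")
    dst.write(ghdr)
    kept = 0
    while len(rec := src.read(16)) == 16:  # one record at a time, so file size is no issue
        pkt = bytearray(src.read(struct.unpack(endian + "I", rec[8:12])[0]))
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) >= 34 else 0
        if pkt[12:14] != b"\x08\x00" or ihl < 20:
            continue  # noise: ARP, IPv6, VLAN-tagged or truncated frames
        if {bytes(pkt[26:30]), bytes(pkt[30:34])} != {old, peer}:
            continue  # not the conversation being shared
        at = 26 if pkt[26:30] == old else 30
        pkt[at:at + 4] = new
        patch(pkt, 24, old, new)  # IPv4 header checksum
        l4 = {6: 16, 17: 6}.get(pkt[23])  # checksum offset in the TCP / UDP header
        if l4 is not None and (int.from_bytes(pkt[20:22], "big") & 0x1FFF) == 0:
            at = 14 + ihl + l4  # the L4 pseudo-header covers both IP addresses
            if pkt[23] == 6 or pkt[at:at + 2] != b"\x00\x00":  # UDP 0 means "no checksum"
                patch(pkt, at, old, new)
        dst.write(rec + pkt)
        kept += 1
    return kept

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py in.pcap out.pcap
    with open(sys.argv[1], "rb") as i, open(sys.argv[2], "wb") as o:
        print(rewrite_pcap(i, o, "192.168.2.99", "8.8.8.8", "104.28.23.87"), "packets kept")
```

Only the IP header is rewritten: an address that also appears inside a payload (an HTTP header, for example) is left untouched and has to be checked separately before the file is shared. Because the checksums are adjusted incrementally, one that was already wrong in the capture, as is common with checksum offload on the capturing host, stays wrong.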







