Replace sensitive IP addresses in Wireshark with XXX.XXX.XXX.XXX

1

1

What would be an easy way to replace a sensitive IP address in a Wireshark packet capture with XXX.XXX.XXX.XXX? When I export the pcap in txt or csv I can no longer import it into Wireshark.

flashnode

Posted 2012-04-05T20:38:49.470

Reputation: 339

Answers

0

When running a Linux box, you could perform a

sed -i 's/10\.10\./XX.XX./g' <file name>

where 10.10. are the first two octets of your IP address and <file name> is the name of the capture log.

Under Windows you could run an advanced editor and use the search and replace feature.

Valentin

Posted 2012-04-05T20:38:49.470

Reputation: 826

This seems to corrupt the capture. I can only see about 700 out of the 1500+ lines in my capture after running this. Any ideas? – jmort253 – 2012-08-20T16:48:14.227

Does your package capture file contain any binary data? If yes, try strings <filename> | sed 's/10\.10\./XX.XX./g' - – Valentin – 2012-08-20T17:27:38.893
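A pcap file stores each IPv4 address as four raw bytes rather than dotted text, so a capture that Wireshark can still open has to be edited at the record level. The following is an added example, not part of the original question or answers: it replaces one address in the IPv4 headers and recomputes the header checksum. Assumptions: classic pcap (not pcapng), Ethernet link type, untagged IPv4; a binary address cannot hold XXX.XXX.XXX.XXX, so the documentation address 192.0.2.1 stands in; the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct

LITTLE = {b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"}  # usec / nsec magic, little-endian
BIG = {b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"}     # same magics, big-endian

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum of an IPv4 header; 0 when the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def scrub_pcap(data: bytes, sensitive: str, replacement: str = "192.0.2.1") -> bytes:
    """Replace one IPv4 address in a classic pcap (Ethernet link type only)."""
    old = ipaddress.IPv4Address(sensitive).packed
    new = ipaddress.IPv4Address(replacement).packed
    if data[:4] not in LITTLE | BIG:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = "<" if data[:4] in LITTLE else ">"
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    out, pos = bytearray(data), 24              # 24-byte global header
    while pos + 16 <= len(out):                 # 16-byte per-packet record header
        incl_len = struct.unpack_from(endian + "I", out, pos + 8)[0]
        ip, pos = pos + 16 + 14, pos + 16 + incl_len
        if incl_len < 34 or pos > len(out) or out[ip - 2:ip] != b"\x08\x00":
            continue                            # truncated, too short or not IPv4
        ihl = (out[ip] & 0x0F) * 4
        if ihl < 20 or ip + ihl > pos:
            continue
        hits = [off for off in (12, 16) if out[ip + off:ip + off + 4] == old]
        for off in hits:                        # source at 12, destination at 16
            out[ip + off:ip + off + 4] = new
        if hits:                                # keep the header checksum valid
            out[ip + 10:ip + 12] = b"\x00\x00"
            struct.pack_into("!H", out, ip + 10, ip_checksum(bytes(out[ip:ip + ihl])))
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed input: one Ethernet/IPv4 packet, 10.10.1.5 -> 198.51.100.7."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 253, 0,
                               bytes([10, 10, 1, 5]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    frame = bytes(12) + b"\x08\x00" + bytes(ip)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

TCP and UDP checksums cover the addresses through the pseudo-header, and ARP or application payloads can carry the address as well; this example leaves those untouched.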