The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Exact PCAP Modify (exact-pcap-modify
) is a tool which can be used to filter and modify Ethernet packets. Where modifications occur which would invalidate a checksum, Exact PCAP Modify will recalculate a correct checksum in the output file.
It can perform modify/filter operations on the following fields:
$ exact-pcap-modify -i capture.pcap -f expcap -w modified -a 1.1.1.1,2.2.2.2
Options which operate on the fields of a header are to be supplied in the form filter,modify
. For example, if Exact PCAP Modify should filter a capture such that only packets with the SRC IP of 1.1.1.1 are present written to the output, it should be invoked with the --src-ip 1.1.1.1
option.
If the user wishes to modify all packets which have the SRC IP 1.1.1.1 to produce an output where the SRC IP becomes 2.2.2.2, it should be invoked with the --src-ip 1.1.1.1,2.2.2.2
option.
When multiple filters are used, packets will need to match all of the specified filters to be present in the output capture.
The following table lists all commands available:
Short | Long | Default | Description |
---|---|---|---|
i | input | (required) | The .pcap /.expcap file to filter/modify. |
w | write | (required) | The destination file where packets which match the specified filter will be written to. |
W | write-filtered | (optional) | The destination file where all packets which do not match all specified filters will be written to. |
v | verbose | (flag) | Enables verbose output printing. |
f | format | expcap | The file format to use when writing out packets. Valid options are .pcap and .expcap . |
o | offset | 0 | Jump to the specified packet offset and start processing filter/modify operations from there. |
t | time | 0 (Epoch time in ns) | Skip all packets that are older than this time. |
m | max | 0 (no limit) | The maximum number of packets to write out in total. |
n | num-chars | 64 | For use with --verbose . Limit the amount of characters written when dumping packets. |
e | --dst-mac | (null) | Filter/modify based on the DST MAC. Accepts arguments in the form 0x001122334455 for filtering and 0x001122334455,0xAABBCCDDEEFF for filtering and modifying. |
E | --src-mac | (null) | Fitler/modify based on the SRC MAC. Accepts arguments in the form 0x001122334455 for filtering and 0x001122334455,0xAABBCCDDEEFF for filtering and modifying. |
l | vlan | (null) | Filter/modify based on the VLAN ID. Accepts arguments in the form 100 for filtering and 100,200 for filtering and modifying. The --vlan option also allows users to strip and add 8021.Q tags in addition to filtering and modifying based on these tags. For example if --vlan 0,100 is specified, that will cause Exact PCAP Modify to add an 8021.Q header with a VLAN ID of 100 to all non-8021.Q frames. The inverse usage, --vlan 100,0 will cause Exact PCAP Modify to strip all 8021.Q frames which have VLAN ID 100 and set the Ethertype to IPv4. |
a | src-ip | (null) | Fitler/modify based on the SRC IP. Accepts arguments in the form 1.1.1.1 for filtering and 1.1.1.1,2.2.2.2 for filtering and modifying. |
A | dst-ip | (null) | Fitler/modify based on the DST IP. Accepts arguments in the form 1.1.1.1 for filtering and 1.1.1.1,2.2.2.2 for filtering and modifying. |
T | ip-ttl | (null) | Fitler/modify based on the IP TTL. Accepts arguments in the form 10 for filtering and 10,64 for filtering and modifying. |
p | src-port | (null) | Fitler/modify based on the SRC PORT of the TCP/UDP header. Accepts arguments in the form 1000 for filtering and 1000,2000 for filtering and modifying. |
P | dst-port | (null) | Fitler/modify based on the DST PORT of the TCP/UDP header. Accepts arguments in the form 1000 for filtering and 1000,2000 for filtering and modifying. |
d | device-type | nexus3548 | When modifying frames, emulate the behaviour of the specified device. Valid values are: nexus3548 , fusion , triton , arista7150 . |