
I have a pcap capture of SOCKS traffic. The traffic goes like:

client_ip <-> 127.0.0.1:9050 <-> destination_ip

Looking at the pcap in Wireshark thus shows:

src_ip = 127.0.0.1 
dst_ip = 127.0.0.1

Is it possible to change src_ip and dst_ip addresses?

I tried bittwiste as:

bittwiste -I in.pcap -O out.pcap -T ip -p 6 -s 127.0.0.1,1.2.3.4 -d 127.0.0.1,4.3.2.1

But only the first record gets modified. All packets from the 2nd onwards remain the same.

I also tried tcprewrite as:

tcprewrite --seed=325 --infile=in.pcap --outfile=out.pcap

This changes all src_ip & dst_ip (127.0.0.1) to the same random IP, since it finds only one (same) endpoint IP.

How can I modify the src & dst IP addresses in a SOCKS traffic capture?

Thanks

Sunshine

0 Answers
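An added example, not part of the original post: a direction-aware rewrite in pure Python that treats the side talking to port 9050 as the client, so request and reply packets get mirrored addresses, and recomputes the IPv4 and TCP checksums. It assumes a classic pcap file (not pcapng) carrying IPv4/TCP and reuses the question's 1.2.3.4 and 4.3.2.1; the function names are hypothetical.

```python
import socket, struct, sys

SOCKS_PORT = 9050                  # proxy port from the question
L2_LEN = {0: 4, 1: 14, 113: 16}    # DLT_NULL, Ethernet, Linux cooked (SLL)

def csum(data):                    # RFC 1071 Internet checksum
    data += b"\0" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_packet(pkt, l2, client, proxy):
    """Map one IPv4/TCP packet by direction; return anything else unchanged."""
    if len(pkt) < l2 + 20 or pkt[l2] >> 4 != 4 or pkt[l2 + 9] != 6:
        return pkt
    tcp = l2 + (pkt[l2] & 0x0F) * 4
    if len(pkt) < tcp + 20:
        return pkt
    sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
    if SOCKS_PORT not in (sport, dport):
        return pkt
    src, dst = (client, proxy) if dport == SOCKS_PORT else (proxy, client)
    b = bytearray(pkt)
    b[l2 + 12:l2 + 20] = src + dst
    hdr = bytes(b[l2:l2 + 10]) + b"\0\0" + bytes(b[l2 + 12:tcp])
    b[l2 + 10:l2 + 12] = struct.pack("!H", csum(hdr))
    seg = struct.unpack("!H", b[l2 + 2:l2 + 4])[0] - (tcp - l2)
    if 20 <= seg <= len(b) - tcp:  # TCP checksum only when segment is complete
        body = bytes(b[tcp:tcp + 16]) + b"\0\0" + bytes(b[tcp + 18:tcp + seg])
        pseudo = src + dst + struct.pack("!BBH", 0, 6, seg)
        b[tcp + 16:tcp + 18] = struct.pack("!H", csum(pseudo + body))
    return bytes(b)

def rewrite_pcap(data, client_ip, proxy_ip):  # classic pcap bytes in, bytes out
    end = "<" if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    l2 = L2_LEN[struct.unpack(end + "I", data[20:24])[0]]
    client, proxy = socket.inet_aton(client_ip), socket.inet_aton(proxy_ip)
    out, off = [data[:24]], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        out.append(data[off:off + 16] + rewrite_packet(pkt, l2, client, proxy))
        off += 16 + caplen
    return b"".join(out)

if __name__ == "__main__":         # usage: rewrite.py in.pcap out.pcap
    with open(sys.argv[1], "rb") as f, open(sys.argv[2], "wb") as g:
        g.write(rewrite_pcap(f.read(), "1.2.3.4", "4.3.2.1"))
```

Packets that do not involve port 9050 pass through unchanged, and a packet truncated by the capture snaplen keeps its original TCP checksum.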