I have a series of packets in a pcap file with various protocols, such as GTPV2,S1AP,Diameter etc etc. I need to know if there's a way to modify some fields programatically, for instance:
for the GTPV2 protocol : MCC field - Mobile Country Code, MNC field - Mobile Network Code for the S1AP protocol: Protocolie-Field etc etc
I managed to get the proto_tree and modify the tvbuff contents by specifically addressing the offsets of the buffer I am interested in, but can I say something like :
e212.mcc = "something"
where e212.mccc is a Wireshark filter? I am asking if this can be done in any language, but my guess is that the dissectors are only there for displaying, not modifying and I do not have an API to directly access the fields of the packet via a Wireshark filter. If this is so, do you know of any opensource tool which can modify the packets from a pcap file according to some rules (preferably/also including Wireshark filters) ?
