Simple Interface
Edit a network packet at any stack layer from L2 to L7 with just a few keystrokes. No hacking required.
Edit a network packet at any stack layer from L2 to L7 with just a few keystrokes. No hacking required.
WireEdit knows all elements of a packet, their types, encoding, inter-dependency, position offsets, constraints, checksums, etc.
As you're editing WireEdit takes care of all the behind-the-scene details on-the-fly. No need to think about any of it.
WireEdit is first-of-a-kind and the only full stack cross-platform WYSIWYG network packets editor. It allows editing packets data at all stack layers as "rich text" in a simple point-and-click interface. The input and output format is Pcap.
What if one has to quickly edit some upper layers fields and add/delete some optional fields in captured packets, all on the condition that it's impossible to tell whether or not any editing has been done? WireEdit solves this problem.
We are not aware of a comparable full stack packet editor, free or commercial.
Yes, but it's just a small fraction of its capabilities. WireEdit at its core is about editing the packets' data itself, including the application stack layers above TCP/UDP/SCTP.
Strictly speaking, Pcap is just a wrapper format for holding captured packets binaries. While some Pcap metadata (timestamps for example) editing is supported by WireEdit for user convenience, it's generally not the main focus of the development. A good list of existing Pcap tools could be found here.
Network packets carry all kinds of sensitive data, including login credentials, crypto keys, private text messages, etc. In fact, data carried by any packet field can be considered sensitive in some context. How could one quickly scrub the sensitive data from a pcap file, while keeping the structure and integrity of the packets binaries otherwise intact?
You need a full stack packet editor. WireEdit is the only one.
Yes, WireEdit is free to use for everyone. Please see WireEdit EULA.
No.
Windows XP+, Ubuntu Desktop, Mac OSX. If possible, we strongly recommend using WireEdit under Windows. The Ubuntu and OSX ports while fully usable, are... oh.. well... "less perfect". See READMEFIRST.txt.
Ethernet, IPv4, IPv6, UDP, TCP, SCTP, ARP, RARP, DHCP, DHCPv6, ICMP, ICMPv6, IGMP, DNS, LLDP, RSVP, FTP, NETBIOS, GRE, IMAP, POP3, RTCP, RTP, SSH, TELNET, NTP, LDAP, XMPP, VLAN, VXLAN, CIFS/SMB v1 (original), BGP, OSPF, SMB3, iSCSI, SCSI, HTTP/1.1, HTTP2, OpenFlow 1.0-1.4, SIP, SDP, MSRP, MGCP, MEGACO (H.248), H.245, H.323, CISCO Skinny, Q.931/H.225, SCCP, SCMG, SS7 ISUP, TCAP, GSM MAP R4, GSM SM-TP, M3UA, M2UA, M2PA, CAPWAP, IEEE 802.11, SMPP, TLS, Modbus, NASDAQ Arca, more to come...
In order to edit a text document one doesn't have to know about the character encoding schemes, formatting and pagination algorithms, etc. To use a vector graphics editor one doesn't have to know vector math. In these and many other cases visual editors take care of the hard stuff behind-the-scenes.
WireEdit allows editing network packets at any stack layer without knowing their syntax and the encoding rules. You can edit packets in WYSIWYG mode without directly manipulating their binaries. WireEdit verifies all the changes you make on-the-fly and takes care of fields/layers encoding, offsets, inter-dependency, integrity, etc.
Yes. You can perform bulk overwrite of sensitive packet fields in Layers 2-7 for without breaking the packets binary structure.
Any packet field which can be calculated according to specs is calculated on-the-fly. No user action is required.
Yes. WireEdit can support any network protocol/stack no matter how complex.
Yes. Moreover, you can edit as Hex a selected stack layer (a PDU) or even a single data field. You can switch back to WYSIWYG mode at any moment.
No, but we would be happy to talk about it.
Yes. You have to use special Field Overwrite mode. In this mode you can break the syntax rules, but then you're on your own.