TraceWrangler – Packet Capture Toolkit

TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark.

The most prominent use case for TraceWrangler is the easy sanitization and anonymization of PCAP and PCAPng files (sometimes called “trace files”, “capture files” or “packet captures”), removing or replacing sensitive data while being easy to use.

TraceWrangler - Packet Capture Toolkit
TraceWrangler – Packet Capture Toolkit

Supported features with this toolkit are:

  • utility to read, write and modifiy PCAPng files
  • Sanitization / Anonymization / Scrubbing of packet captures created by Wireshark/ TCPDump / etc.
  • Editing packets in batch, especially by removing certain protocol layers like MPLS, GRE or GTP-u, or to convert Linux cooked captures to Pseudo-Ethernet
  • Merging capture files, especially PCAPng files with more than one interface and using filters to keep only certain frames
  • Gathering and aggregating packet details about a large number of capture files, like IP, TCP and UDP conversations
  • Displaying the PCAPng specific block structure of a file
  • extracting conversations from multiple files to new capture files, based on manual filters, capture file indicator frames, or Snort alerts

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments