Get raw text for this example (you can click any command below to see its doc) 
/*
    Changes content of trace file
 
    Runs as: anettest -d eth0 -f this_file.fws
 */


TRACE
   
PARAMETERS: <name of trace file>


Opens the given trace file for subsequent work with it.




 smtp_client.pcap  
// opens trace file


INCLUDE
   
PARAMETERS: <name of file>


Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
   
PARAMETERS: <name of file>


Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
   
PARAMETERS: <name of file>


Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without include before it.




 before it.




 before it.




 tcp


// defines the mask for packets which will be modified


CLEARMASK
   
PARAMETERS: no parameters


The mask of packet (the set of previously defined conditions) will be cleared. New mask will correspond to any packet. This command is usually contained in headers to make the mask correspond to all packets of given type (ex: TCP packets).





ethproto = ip
ip.proto = tcp
srcip 194.85.99.33


// performs modification


CHTRACE
   
PARAMETERS: "{" <block of script> "}"


The given block of script may contain field's values definitions or command PRINT
   
PARAMETERS: <message>


Displays the given message. Use symbol 
 in message to indicate that line feed must be performed.




. These definitions will be applied to every packet from trace file which corresponds the mask described before the command.




 {

	PRINTL
   
PARAMETERS: <message>


Analog of PRINT
   
PARAMETERS: <message>


Displays the given message. Use symbol 
 in message to indicate that line feed must be performed.




 command. Additionally performs the line feed.




 
'before:\n$fullpacket$\n'


   dstip 88.210.60.143
   dstport 25
   ip.len IPlen
   tcp.crc TCPcrc
   ip.crc IPcrc

   PRINT
   
PARAMETERS: <message>


Displays the given message. Use symbol 
 in message to indicate that line feed must be performed.




 
'$srcport$\n'

	PRINTL
   
PARAMETERS: <message>


Analog of PRINT
   
PARAMETERS: <message>


Displays the given message. Use symbol 
 in message to indicate that line feed must be performed.




 command. Additionally performs the line feed.




 
'after:\n$fullpacket$\n'

}

 // write 
// write file to disk