TraceWrangler - Packet Capture Toolkit

Introduction

TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark. The most prominent use case for TraceWrangler is the easy sanitization and anonymization of PCAP and PCAPng files (sometimes called "trace files", "capture files" or "packet captures"), removing or replacing sensitive data while being easy to use.

Features

Screenshot

License and Certificates/Hashes

Tracewrangler is freely available as open source, and is released under the GNU General Public License version 2.

Update 20th of May, 2025:

I haven't worked on Tracewrangler much the last couple of months (years :-/). Also, my build pipeline is not working correctly anymore, and I need to fix it (among many other things). This means that

Download

Created: January 12, 2025

32bit version: TraceWrangler Beta 0.6.9 build 984
MD5 (32bit zip): ce4a4c9c159f31b6ab151f8234b065eb

64bit version: TraceWrangler Beta 0.6.9 build 984
MD5 (64bit zip): 03ab18e52617cf9345c16024ed3b3500

Source Code: TraceWranglerSrc_0.6.8.zip (outdated)


My GPG public key can be found here

Documentation

Documentation is available online, as well as a Windows help file inside the download container. There also is a PDF File.

Presentations

You can also take a look at my presentation I did about anonymizing network packet trace files at Sharkfest 2013.

Changelog and Updates

There is a ChangeLog available, listing all the changes for published versions (outdated, too. Sorry.). Updated versions will also be announced via BlueSky (@packetjay).

Feedback and Known Issues

Sent feedback about bugs, feature requests and other topics to "jasper [ät] packet-foo.com". My PGP key is found here.

If you sent bug reports, please include

TraceWrangler has some limitations at the moment (which may most likely last a little longer than just "a moment"):

Thanks, and have fun,
Jasper