TraceWrangler - Packet Capture Toolkit


TraceWrangler is a network capture file toolkit running on Windows (or on Linux, using WINE) that supports PCAP as well as the new PCAPng file format, which is now the standard file format used by Wireshark. The most prominent use case for TraceWrangler is the easy sanitization and anonymization of PCAP and PCAPng files (sometimes called "trace files", "capture files" or "packet captures"), removing or replacing sensitive data while being easy to use.




Created: May 23, 2017

32bit version: TraceWrangler Beta 0.6.2 build 799 (GPG Signature: tracewrangler.exe.sig)
MD5 (32bit zip): 43DFB26484EDF8EEABFC6864A3E9591F

64bit version: TraceWrangler Beta 0.6.2 build 799 (GPG Signature: tracewrangler.exe.sig)
MD5 (64bit zip): EE0B7D86A95E867A6960B789C312A362

Source Code: TraceWranglerSrc_0.6.0.7z

There is also a semi-automated build section where you can download current builds. Those builds are usually working better than the latest stable release, but in some cases features may not be implemented completely yet, or still broken. Also, the documentation isn't up to date.

My GPG public key can be found here


Documentation is available online, as well as a Windows help file inside the download container. There also is a PDF File.


You can also take a look at my presentation I did about anonymizing network packet trace files at Sharkfest 2013. There is also a video recording of that talk on LoveMyTool.

Changelog and Updates

There is a ChangeLog available, listing all the changes for published versions. Updated versions will also be announced via twitter (@packetjay). There is also a RSS feed available.

Feedback and Known Issues

Sent feedback about bugs, feature requests and other topics to "jasper [ät]". My PGP key is found here.

If you sent bug reports, please include

TraceWrangler has some limitations at the moment (which may most likely last a little longer than just "a moment"):

Thanks, and have fun,