On Wed, Oct 8, 2008 at 1:11 PM, Morrison's Doghouse - Hannes <[EMAIL PROTECTED]> wrote: > Sorry, i didn't get exactly when you did use "--enable-debug" and "-d2". > Is there a way to use the pcap file anyway skipping those maliciuous packets > or do i have to get them first out of the pcap file?
./configure --enable-debug # builds tcpreplay w/ debugging enabled tcprewrite -d2 <other args here> # enables debug level 2 output to stderr Since most of the packets were captured with a 54 byte capture length (default in tcpdump) I would do: tcpdump -r 500.pcap -w 500-54bytes_or_greater.pcap greater 53 Which would filter out all the sub 54 byte packets and create a new pcap file which should work just fine with tcpprep/tcprewrite. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
