Hi there,
I have a (big) trace file which content packets are snapped from WAND. I want
to analyze the trace through Bro which unfortunately drops malformed packets,
e.g. if the IP total length is not equal to the actual packet size. I stumbled
upon this tool and the definition in --fixlen fits my requirement perfectly,
where I can pad zero bits to match the IP total length. The only problem was,
as of tcprewrite 4.2.6, this does not seem to pad the packets in the trace
correctly, it only pads to the actual bits field, i.e. it just match the value
of bytes on wire and the value of captured bytes as opposed to the IP total
length. The command I used is
tcprewrite --fixlen=pad --infile=<file> --outfile=<file>
Please advise
Thanks,
Hendra
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
