Revision history  [back]

Hi all,

I want to use tcprewrite to change the MAC address of the packets in my pcap file, but whenever I tried to do so, I get the error message "Fatal Error: Error rewriting packets". I narrowed it down to 1 specific packet, and on Wireshark, it is indicated as "malformed". (Other malformed packets in the same pcap did not affect tcprewrite, but this packet did.)

Since "malformed" is not an actual protocol, I can't use tshark on my Linux server to remove them first. Is there any other way to remove such malformed packets?

Thank you.