[Tcpreplay-users] Rewriting bad or malformed packets

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Is there a way to rewrite L1-3 data only and have it just accept L4-7?

This concerns malformed packets that I want to keep malformed.

Packet
00:00:00:00:00:00 > 00:00:00:00:00:00, IPv4, length 60: 192.168.76.20 > 192.168.76.8: [|ESP]    <---malformed ESP

This will not write the output file.

# tcprewrite --enet-dmac=BB:BB:BB:BB:BB:BB --enet-smac=AA:AA:AA:AA:AA:AA --pnat=192.168.76.20/32:192.168.129.1/32,192.168.76.8/32:192.168.1.1/32 --infile='esp_malformed.pcap' --outfile='./tmp/esp_malformed.pcap'

Fatal Error: Error rewriting packets: From checksum.c:do_checksum() line 65:
length of data must be > 0
#

Packet
IP 192.168.76.22 > 192.168.76.8: ESP(spi=0x1142ef60,seq=0x94142e3f), length 16    <---still malformed but seems to rewrite

This is rewritten. I believe the warning is just that the ESP protocol is not supported for correcting a checksum. Is there a way to print out only problems above warning?

# tcprewrite --enet-dmac=BB:BB:BB:BB:BB:BB --enet-smac=AA:AA:AA:AA:AA:AA --pnat=192.168.76.22/32:192.168.129.1/32,192.168.76.8/32:192.168.1.1/32 --infile='esp.pcap' --outfile='./tmp/esp_NORMAL.pcap'
Warning: Unsupported protocol for checksum: 0x32
#

[Tcpreplay-users] Rewriting bad or malformed packets

edit and replay captured network traffic

[Tcpreplay-users] Rewriting bad or malformed packets