"malformed" is not an actual protocol
...but _ws.malformed is a valid named field; try using !_ws.malformed as a filter to display only the non-malformed packet.
(What does Wireshark display as the contents of that packet? Does it have source and destination MAC addresses? If so, you might want to report a bug in tcprewrite.)