Wireshark mailing list archives

Re: malformed packet

From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Wed, 03 Mar 2010 15:17:43 -0500

Wiresharkers

I think I may have narrowed down my malformed packet problem....but I amnot sure how to fix it.

It appears that my offset is just not correct. I have manually countedthe bytes as I went...but I still come up with a different

value than I expected.

If I get a "unknown code"... then the packet becomes malformed. But ifthe code exists, it dissects the bytes properly and works fine.


Attached is the code.

Any help is greatly appreciated.

Thanks,
Brian




Eloy Paris wrote:

Hi Brian,

I think your message came only to me. Could you resend it and includethe wireshark-dev list? That way the changes of getting a response aregreater since I am just not seeing what can be wrong :-(


Cheers,

Eloy Paris.-
netexpect.org

On 03/03/2010 03:13 PM, Brian Oleksa wrote:

Eloy / Wiresharkers

I think I may have narrowed down my malformed packet problem....but I am
not sure how to fix it.

It appears that my offset is just not correct. I have manually counted
the bytes as I went...but I still come up with a different
value than I expected.

If I get a "unknown code"... then the packet becomes malformed. But if
the code exists, it dissects the bytes properly and works fine.

Attached is the code.

Any help is greatly appreciated.

Thanks,
Brian



Eloy Paris wrote:

On 03/02/2010 08:48 AM, Brian Oleksa wrote:

Does anybody know why I am getting a malformed packet..??

The data in the wireshark gui looks perfect (I hard coded thepacket so

I am seeing what I am expecting to see)...
but at the end of every packet there is this ugly pink "Malformed
Packet".

Anybody have any ideas..??


Without seeing the packet it's hard to say what is malformed about it.
Could be missing data, a field with invalid data, etc. Can you tell us
how you crafted this packet?

Cheers,

Eloy Paris.-
netexpect.org

Attachment: packet-helen.c
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

malformed packet Brian Oleksa (Mar 02)
- Re: malformed packet Eloy Paris (Mar 02)
  - Message not available
    - Message not available
    - Re: malformed packet Brian Oleksa (Mar 03)
    - Re: malformed packet Jakub Zawadzki (Mar 03)
    - Re: malformed packet Brian Oleksa (Mar 04)