OSPF Malformed Packet....

["Gaudineer, Kevin" <GAUDINKL () ihs org>]

Greetings WireShark Users

I have done some packet captures of several Fiber WAN interfaces in our network.  All of these traces are showing that 
the OSPF LS  update packets are malformed.  This seems a little confusing because when I check the headers for IP in 
the protocol tree, for example, the checksums are correct.  Its just the OSPF headers that are not correct.

I do not have a inline tap for the Fiber WAN interfaces so I used the Pcap engine in the hardware itself to do the 
capture,  in this case it is a Nortel 8610 and I am using the development version of WireShark  V1.4.0rc2  .  My 
question is.  Is it possible because of the way I did the capture that this is the reason for the maformed packet 
showing?  A sample of the protocol tree is shown below:



No.     Time        Source                Destination           Protocol Info
3          0.000000    10.8.11.113           224.0.0.5             OSPF     LS Update[Malformed Packet]

Frame 3: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
Ethernet II, Src: Nortel_62:02:20 (00:18:b0:62:02:20), Dst: IPv4mcast_00:00:05 (01:00:5e:00:00:05)
802.1Q Virtual LAN, PRI: 7, CFI: 0, ID: 2032
Internet Protocol, Src: 10.8.11.113 (10.8.11.113), Dst: 224.0.0.5 (224.0.0.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
    Total Length: 1476
    Identification: 0xbb0e (47886)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 1
    Protocol: OSPF IGP (89)
    Header checksum: 0x0295 [correct]
        [Good: True]
        [Bad: False]
    Source: 10.8.11.113 (10.8.11.113)
    Destination: 224.0.0.5 (224.0.0.5)
Open Shortest Path First
    OSPF Header
        OSPF Version: 2
        Message Type: LS Update (4)
        Packet Length: 1456
        Source OSPF Router: 10.31.254.251 (10.31.254.251)
        Area ID: 0.0.0.0 (Backbone)
        Packet Checksum: 0xde74 [incorrect, should be 0xef30]
        Auth Type: Null
        Auth Data (none)
    LS Update Packet
[Malformed Packet: OSPF]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

_____
./| ,[_____],
|¯¯¯L--O|||||||O_
()_)¯()_) ¯¯¯ )_)
 Jeeps Rule

Kevin L Gaudineer
Iowa Health System
Sr. Network Support
Desk Phone (515)-241-7745
Cell Phone:  (515)-205-3069

         ********************************************

This message and accompanying documents are covered by the 
Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, 
and contain information intended for the specified individual(s) only. 
This information is confidential. If you are not the intended recipient 
or an agent responsible for delivering it to the intended recipient, you 
are hereby notified that you have received this document in error and 
that any review, dissemination, copying, or the taking of any action 
based on the contents of this information is strictly prohibited. If you 
have received this communication in error, please notify us immediately 
by e-mail, and delete the original message.

        *********************************************

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe