Wireshark mailing list archives
OSPF Malformed Packet....
From: "Gaudineer, Kevin" <GAUDINKL () ihs org>
Date: Tue, 14 Sep 2010 15:07:15 -0500
Greetings WireShark Users I have done some packet captures of several Fiber WAN interfaces in our network. All of these traces are showing that the OSPF LS update packets are malformed. This seems a little confusing because when I check the headers for IP in the protocol tree, for example, the checksums are correct. Its just the OSPF headers that are not correct. I do not have a inline tap for the Fiber WAN interfaces so I used the Pcap engine in the hardware itself to do the capture, in this case it is a Nortel 8610 and I am using the development version of WireShark V1.4.0rc2 . My question is. Is it possible because of the way I did the capture that this is the reason for the maformed packet showing? A sample of the protocol tree is shown below: No. Time Source Destination Protocol Info 3 0.000000 10.8.11.113 224.0.0.5 OSPF LS Update[Malformed Packet] Frame 3: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) Ethernet II, Src: Nortel_62:02:20 (00:18:b0:62:02:20), Dst: IPv4mcast_00:00:05 (01:00:5e:00:00:05) 802.1Q Virtual LAN, PRI: 7, CFI: 0, ID: 2032 Internet Protocol, Src: 10.8.11.113 (10.8.11.113), Dst: 224.0.0.5 (224.0.0.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) Total Length: 1476 Identification: 0xbb0e (47886) Flags: 0x00 Fragment offset: 0 Time to live: 1 Protocol: OSPF IGP (89) Header checksum: 0x0295 [correct] [Good: True] [Bad: False] Source: 10.8.11.113 (10.8.11.113) Destination: 224.0.0.5 (224.0.0.5) Open Shortest Path First OSPF Header OSPF Version: 2 Message Type: LS Update (4) Packet Length: 1456 Source OSPF Router: 10.31.254.251 (10.31.254.251) Area ID: 0.0.0.0 (Backbone) Packet Checksum: 0xde74 [incorrect, should be 0xef30] Auth Type: Null Auth Data (none) LS Update Packet [Malformed Packet: OSPF] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Message: Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] _____ ./| ,[_____], |¯¯¯L--O|||||||O_ ()_)¯()_) ¯¯¯ )_) Jeeps Rule Kevin L Gaudineer Iowa Health System Sr. Network Support Desk Phone (515)-241-7745 Cell Phone: (515)-205-3069 ******************************************** This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521, and contain information intended for the specified individual(s) only. This information is confidential. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. *********************************************
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- OSPF Malformed Packet.... Gaudineer, Kevin (Sep 14)
- Re: OSPF Malformed Packet.... Stephen Fisher (Sep 14)
- Re: OSPF Malformed Packet.... Sake Blok (Sep 14)
- Re: OSPF Malformed Packet.... Jaap Keuter (Sep 14)
- Re: OSPF Malformed Packet.... Kevin Cullimore (Sep 14)
- Re: OSPF Malformed Packet.... Jaap Keuter (Sep 14)
- Re: OSPF Malformed Packet.... Sake Blok (Sep 14)
- Re: OSPF Malformed Packet.... Stephen Fisher (Sep 14)