Wireshark mailing list archives
Re: Malformed packet analysis
From: "Markus Moeller" <huaraz () moeller plus com>
Date: Mon, 13 Jan 2014 21:09:56 -0000
Hi Anders, Thanks for the hints. I found a length encoding error. It would still be nice to have a better pointer to the issue. Thank you Markus From: Anders Broman Sent: Monday, January 13, 2014 8:58 AM Newsgroups: gmane.network.wireshark.user To: Community support list for Wireshark Subject: Re: Malformed packet analysis Hi, By reading the dissector code and compare with the analyzed packet and the RFC J The most common reason for [Malformed] is that Wireshark think that there is more data to read than what’s in the packet so you might want to check your length parameters, optional vs required fields Etc. I assume Wireshark makes the right assumption of the packet content e.g. the right dissector(s) are called. If you show us the trace we could analyze it further. Best regards Anders From: wireshark-users-bounces-IZ8446WsY0/dtAWm4Da02A () public gmane org [mailto:wireshark-users-bounces-IZ8446WsY0/dtAWm4Da02A () public gmane org] On Behalf Of Markus Moeller Sent: den 12 januari 2014 19:50 To: wireshark-users-IZ8446WsY0/dtAWm4Da02A () public gmane org Subject: [Wireshark-users] Malformed packet analysis Hi, I am working on a packet generator and when I analyse the packets I create with wireshark I get a malformed packet. I think I created the packet following the RFC. How can I find our the exact reason why wireshark create the error ? Thank you Markus -------------------------------------------------------------------------------- ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users-IZ8446WsY0/dtAWm4Da02A () public gmane org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request-IZ8446WsY0/dtAWm4Da02A () public gmane org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Malformed packet analysis Markus Moeller (Jan 12)
- Re: Malformed packet analysis Anders Broman (Jan 13)
- Re: Malformed packet analysis Markus Moeller (Jan 13)
- Re: Malformed packet analysis Guy Harris (Jan 13)
- Re: Malformed packet analysis Markus Moeller (Jan 13)
- <Possible follow-ups>
- Re: Malformed packet analysis Patrick Klos (Jan 13)
- Re: Malformed packet analysis Anders Broman (Jan 13)