Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4311] New: displays '[Malformed Packet]' for (probably) va

Date: Wed, 9 Dec 2009 12:35:54 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4311

           Summary: displays '[Malformed Packet]' for (probably) valid
                    AJP13 request
           Product: Wireshark
           Version: 1.3.x (Experimental)
          Platform: x86
        OS/Version: Debian
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mail.twerner@xxxxxxxxxxxxxx


Created an attachment (id=4046)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4046)
soap-over-ajp13.pcap

Build Information:
Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap,
with new_packet_list.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.31-1-686, with libpcap version 1.0.0.

Built using gcc 4.3.4.
--
There are 2 JBoss instances and 1 apache httpd loadbalancer with mod_jk. JBoss
#1 sends a SOAP request (HTTP/1.1 with Transfer-Encoding: chunked) to the
loadbalancer which translates it to AJP 1.3 and forwards it to JBoss #2 where
the packets are captured by wireshark. Wireshark displays packet #5 and #7 as
'malformed'. I think they are fully valid after reading the AJP 1.3 spec. I'll
attach the capture file.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.