Wireshark-users: [Wireshark-users] Diameter [Malformed Packet: GTPv2]

From: Bo Xu <xubo.leo@xxxxxxxxx>
Date: Fri, 26 Aug 2011 00:21:11 +0800

Hello  guys ,

         I am very confused that I got "Malformed Packet: GTPv2" in every Diameter (CCR) in version 1.6 . 

   I tried multiple versions of wireshark , I have found that  for the same err_sample.pcap which I have already attached , there is

   no such annoying prompt in version 1.2.16 .   I read the WireShark manual , there is some explanation in this URL.

   http://www.wireshark.org/docs/wsug_html_chunked/AppMessages.html#id622336 . 

   To my understanding , mostly there is something wrong in the packet content . Another proof is that other diameter packet is working

   perfectly with wireshark 1.6.1 version .

   Here comes my question :    does this   AVP(20600)  finally caused the "malformed packet" prompt because there is no data in this AVP?

   Or is there anything wrong with the CCR packet content ? 

   FYI : Diameter Server Port is 6555 ,  and this server connects the multiple clients.

     Service-Information: 00005078c000000c00013c680000036ac000001c000028af...
            AVP: Unknown(20600) l=12 f=VM- vnd=81000
                AVP Code: 20600 Unknown
                AVP Flags: 0xc0
                AVP Length: 12
                AVP Vendor Id: Unknown (81000)
                [No data]
                    [Expert Info (Warn/Undecoded): Data is empty]
                        [Message: Data is empty]
                        [Severity level: Warn]
                        [Group: Undecoded]
            AVP: PS-Information(874) l=28 f=VM- vnd=TGPP
[Malformed Packet: GTPv2]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

BR
Xu Bo

Attachment: err_sample.zip
Description: Zip archive