> Also for any NCP knowledge users out there... I see some malformed
> packets sometimes on my sniffes in the info field ... What is a
> malformed NCP packet
A "Malformed Frame", in Ethereal, means a frame that Ethereal tried to
dissect, but in which it ran out of data.
I.e., the frame was shorter than Ethereal thought it should have been;
this could be due to the frame really being too short, or due to the
frame being part of a fragmented IP datagram and fragment reassembly not
being enabled, or due to the frame being part of a higher-level packet
in a TCP data stream.
It might be useful to add a third type of exception in Ethereal, in
addition to the one that generates "Short Frame" (caused by a capture
being done with a snapshot length shorter than the length of some
frames) and the one that generates "Malformed Frame", which is generated
if the packet to be dissected is larger than one frame and the dissector
runs past the end of the frame.
> and Why would i see it on the wire.. Shouldnt the
> server / client just ask for another packet instead of pushing the bad
> packet on the wire. I only see this with NCP over IP
Are they TCP or UDP frames?
If they're UDP frames, try enabling IP reassembly - select the
"Preferences" item from the "Edit" menu, select the "IP" tab in the
dialog box that pops up, select "Reassemble fragmented IP datagrams",
and click "OK".
If they're TCP frames, we currently don't support reassembling
higher-level packets in TCP streams, so we don't yet support dissecting
those higher-level packets correctly.
