Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: RE: [Ethereal-users] malformed packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "brent" <buercky@xxxxxxxxxxx>
Date: Tue, 22 Aug 2006 10:31:08 -0500
-------------------
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------


Here is one of the packets  the user had ethereal as the capture I asked
them to get the latest 99.2 from the new site and do the capture to verify
as your request  I attached the text and one packet also if you wanted to
review anyways 

Will update you on the outcome of the 99.2 capture


No.     Time        Source                Destination           Protocol
Info                                                            SRC    DEST
      1 0.000000    10.1.1.247            10.1.198.111          UDP
Source port: 5100  Destination port: 5000[Malformed Packet]     5100   5000

Frame 1 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Intel_a7:4e:3f (00:0e:0c:a7:4e:3f), Dst: Cisco_5e:97:00
(00:0a:f4:5e:97:00)
Internet Protocol, Src: 10.1.1.247 (10.1.1.247), Dst: 10.1.198.111
(10.1.198.111)
User Datagram Protocol, Src Port: 5100 (5100), Dst Port: 5000 (5000)
Cross Point Frame Injector 
[Malformed Packet: CPFI]



-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx] 
Sent: Tuesday, August 22, 2006 12:48 AM
To: buercky@xxxxxxxxxxx; Ethereal user support
Subject: Re: [Ethereal-users] malformed packets

brent wrote:

> Im trying to locate a trouble in our network and have done a capture on 
> a device using mirror ports of a device. We are getting MALFORMED 
> PACKETS on every packet sent from a device on our network. IS this 
> caused by the mirror port ? or is this a actual failure of the device ? 
> or wireshark?

It could, in theory, be any of the above.

I'd suggest upgrading to the latest version of Wireshark:

	http://www.wireshark.org/download.html

in case it's due to a bug that's been fixed in later versions of 
Wireshark, and, if you still see the problem, export as plain text (with 
packet details and packet bytes) one of the packets that show up as a 
malformed frame, and also save the packet in question to a file (i.e., 
save it as a one-packet capture file), so we can look at the packet and 
see where the problem might be, and send a message to the 
wireshark-users list:

	http://www.wireshark.org/lists/

with the text of the packet and the one-packet capture file.

Attachment: malformed.cap
Description: Binary data

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube