Wireshark-dev: [Wireshark-dev] Incorrect Report of Malformed UDP packet In an ICMP Dest Unreach

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Sun, 9 Sep 2007 22:09:50 +0100
Build Information:
0.99.6a
OS WinXP SP 2

When you view the Expert Info Composite on a trace that has an ICMP Destination
Unreachable (Port Unreachable) packet in it, you can see a report of a
malformed UDP packet where it has a Bad length value > IP payload length. This
is particularly noticed if the packet that the ICMP is reporting on is an SNMP
trap and the destination has no trap watcher software running. 

The ICMP contains the IP header of the original datagram and if you drill down
the protocol tree window it can be seen that it reports the UDP length as
bogus, which is wrong:-

Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 3 (Port unreachable)
    Checksum: 0xd84a [correct]
    Internet Protocol, Src: 168.10.5.10 (168.10.5.10), Dst: 168.10.5.6 (168.10.5.6)
    User Datagram Protocol, Src Port: 6996 (6996), Dst Port: 6996 (6996)
        Source port: 6996 (6996)
        Destination port: 6996 (6996)
        Length: 16 (bogus, payload length 8)
        Checksum: 0xedf9

This was not a problem in version 0.99.4.
 
I have raised this on Bugzilla ref 1832.
 
Keith French
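
The case in this report, as an added example (not part of the original message and not Wireshark's dissector code): an ICMP error may quote only the original IP header plus the first 8 bytes of the datagram, so the quoted UDP length is checked against the length declared by the quoted IP header rather than against the bytes present. The function names, the IP total length of 36, the IP ID and the TTL are constructed assumptions; addresses, ports, UDP length and UDP checksum are taken from the trace above.

```python
import socket
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # ICMP types that quote the offending datagram

def build_sample(udp_len=16):
    """Constructed ICMP port-unreachable quoting an IP header + 8 UDP bytes."""
    udp8 = struct.pack("!HHHH", 6996, 6996, udp_len, 0xEDF9)
    # Assumed original datagram: 20-byte IP header + 16-byte UDP = 36 bytes total.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1234, 0, 128, 17, 0,
                     socket.inet_aton("168.10.5.10"),
                     socket.inet_aton("168.10.5.6"))
    icmp = struct.pack("!BBHI", 3, 3, 0, 0)  # ICMP checksum left 0, not verified here
    return icmp + ip + udp8

def check_quoted_udp(icmp):
    """Classify the UDP length field of a datagram quoted inside an ICMP error."""
    if len(icmp) < 8 + 20:
        return "too short for a quoted IP header"
    if icmp[0] not in ICMP_ERROR_TYPES:
        return "not an ICMP error"
    quoted = icmp[8:]                      # skip the 8-byte ICMP header
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return "quoted IP header invalid or UDP header incomplete"
    if quoted[9] != 17:
        return "quoted protocol is not UDP"
    total_len = struct.unpack("!H", quoted[2:4])[0]
    udp_len = struct.unpack("!H", quoted[ihl + 4:ihl + 6])[0]
    declared = total_len - ihl             # UDP bytes the original datagram carried
    captured = len(quoted) - ihl           # UDP bytes actually quoted by the ICMP error
    if udp_len < 8 or udp_len > declared:
        return "malformed: UDP length disagrees with quoted IP total length"
    if udp_len > captured:
        return "truncated quote: UDP length is consistent with quoted IP header"
    return "complete: full UDP datagram quoted"

if __name__ == "__main__":
    print(check_quoted_udp(build_sample()))      # the case from the trace
    print(check_quoted_udp(build_sample(40)))    # genuinely inconsistent length
```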