ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Malformed packet

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Feb 2010 14:20:31 -0500
Mike

I am doing some more investigation on why I get this Malformed packet.
When I run the actual "live" data with my dissector in place.... I do NOT get a malformed packet.
The only time I get this Malformed packet is when I click on a .pcap file that has this captured data. 

Have you or anybody seem this behavior in the past..??

Thanks,
Brian



Brian Oleksa wrote:

Mike

Unfortunately.. I do not have a debugger available.
It doesn't appear to be reading beyond the end of the packet....but without a debugger handy... I am not sure how I can tell. 

Any other help is greatly appreciated.

Thanks,
Brian



Mike Morrin wrote:

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
Sent: 18 February 2010 15:49
To: Developer support list for Wireshark
Subject: [Wireshark-dev] Malformed packet


Why would I be getting a Malformed Packet error..??
I wrote a dissector where I am dissecting several packets to which I am very happy with the outcome in the wireshark gui. I am getting exactly what I am expecting to get (as I hard coded the data in the packets).
But at the end of every packet... I get this highlighted pink line that says "Malformed Packet".
Again....I am very happy with the outcome of all the packets that I am dissecting (which tells me that my dissector "appears" to be working properly). 

Any ideas..??

Is your dissector trying to read beyond the end of the packet?

If you can run inside a debugger, then try putting a breakpoint on the
Wireshark exception handler, it should quickly show you how the
exception is triggered.





This message contains confidential information and may be privileged. If you are not the intended recipient, please notify the sender and delete the message immediately.
ip.access Ltd, registration number 3400157, Building 2020, Cambourne Business Park, Cambourne, Cambridge CB23 6DW, United Kingdom 
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube