Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Malformed packet within Putty's 0.52 SSH

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Fri, 6 Oct 2006 22:53:51 -0700
On Sat, Oct 07, 2006 at 12:15:44AM -0400, LDB wrote:

> Within Ethereal I am detecting a malformed packet coming from a Putty 
> SSH Client using version 0.52. Could my users have downloaded a 
> tainted version of Putty?
> 
> Also, why does Ethereal consider it a malformed packet from SSH?

It depends on the traffic it is considering malformed.  If you would 
like to send a small capture file with only a few packets/the one that 
is malformed someone may be able to give further details.  It may just 
be a bug in the Ethereal/Wireshark dissector - try upgrading to the 
latest Wireshark and see if it is still malformed.


Steve