Wireshark-users: Re: [Wireshark-users] Wireshark decode complaining about Malfromed packet - (bog
From: "Ramji Vaithianathan (rvaithia)" <rvaithia@xxxxxxxxx>
Date: Sat, 19 Sep 2009 07:35:05 -0700
Thanks Jaap and Sake for the responses on this to upgrade the version.  I was using version 1.20 and upgrading to a later version such as  (Version 1.3.0-SVN-28821) made the problem go away.

From: Ramji Vaithianathan (rvaithia)
Sent: Monday, September 14, 2009 9:20 PM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: Wireshark decode complaining about Malfromed packet - (bogus, payload length ...)

I was trying to capturing DNS packets using Wireshark, and it gave errors about bogus payload length.
For example in the Frame 23 in the dump:
  IP length is 324 bytes
  UDP length is 304 bytes
However there is a complaint about bogus payload length 49 : Bad length value 304 > IP payload length
Any idea why this is coming eventhough the entire packet was captured.  The bytes beyond 49 bytes in the payload are treated as Ethernet trailer packets.