Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Malformed packet analysis

From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Mon, 13 Jan 2014 08:58:36 +0000

Hi,

By reading the dissector code and compare with the analyzed packet and the RFC J

 

The most common reason for [Malformed] is that Wireshark think that there is more data to read than what’s in the packet so you might want to check your length parameters, optional vs required fields

Etc. I assume Wireshark makes the right assumption of the packet content e.g. the right dissector(s) are called.

 

If you show us the trace we could analyze it further.

Best regards

Anders

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Markus Moeller
Sent: den 12 januari 2014 19:50
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Malformed packet analysis

 

Hi,

 

   I am working on a packet generator and when I analyse the packets I create with wireshark I get a malformed packet.  I think I created the packet following the RFC. How can I find our the exact reason why wireshark create the error ?

 

 

Thank you

Markus