I'm getting Malformed packet when I see wireshark Log

asked 2025-06-17 12:06:50 +0000

mohan gravatar image

updated 2025-06-17 12:10:33 +0000

grahamb gravatar image

Here is the message I got 

12082   208.239790000   100.64.10.6 100.64.10.4 SOME/IP 76  SOME/IP Protocol (Service ID: 0x0030, Method ID: 0x800d, Length: 26)[Malformed Packet: length of contained item exceeds length of containing item]

Please give me suggestion how to get rid of this message

edit retag flag offensive close merge delete

Comments

Is it possible the packet was truncated during capture?
Could you add a hexdump of the packet to the question or share a pcap file?

Chuckc gravatar imageChuckc ( 2025-06-17 15:30:40 +0000 )edit

Sure. Please find below 0000

00

12

34

56

78

91

00

55

0010 00 7d e2 ad 40

00

40

11

0020 02

04

4e

50

d3

8e

00

69

0030

00

59

00

00

df

9d

01

01

0040 5

23

a7

65

31

4a

40

11

0050 10

00

48

e3

45

12

01

30

0060

35

32

34

2a

04

32

35

32

0070

11

Od

00 00

00

00

10

01

0080

01

30

50

fc

c6

87

9d

f8

7b

b5

7d

f7

08

00

45

00

76

38

64

40 0a 06 64

40

dd

04

00

30

80

01

00

00

02

00

30

4f

0a

17

09

d8

55

24

70

35

fc

f8

f8

bf

1d

54

33

20

43

22

04

32

34

32

01

30

3a

01

35

42

1d

00

00

00

00

20

00

2a

mohan gravatar imagemohan ( 2025-06-18 18:34:40 +0000 )edit

The hex is scrambled - reassembled what I think is correct below:

0000 00 12 34 56 78 91 00 55  7b b5 7d f7 08 00 45 00
0010 00 7d e2 ad 40 00 40 11  76 38 64 40 0a 06 64 40
0020 02 04 4e 50 d3 8e 00 69  dd 04 00 30 80 01 00 00
0030 00 59 00 00 df 9d 01 01  02 00 30 4f 0a 17 09 d8
0040 05 23 a7 65 31 4a 40 11  55 24 70 35 fc f8 f8 bf
0050 10 00 48 e3 45 12 01 30  1d 54 33 20 43 22 04 32
0060 35 32 34 2a 04 32 35 32  34 32 01 30 3a 01 35 42
0070 11 0d 00 00 00 00 10 01  1d 00 00 00 00 20 00 2a
0080 01 30 ...
(more)
Chuckc gravatar imageChuckc ( 2025-06-18 20:58:58 +0000 )edit
add a comment