Ask Your Question

Revision history [back]

Malformed Packets-App to DB server

New to Wireshark and trying to figure out why i am getting Malformed Packets in the logs. I perform 2 tasks from the application server which communicates to the DB server.

One task- creates a new record Second Task- queries an existing record.

both of them don't return any data from the database server. I ran few wireshark traces and it returns some malformed packets back.

how do you troubleshoot these kind of issues using wireshark? i have read online that malformed packets can be caused by any of these : "Malformed packet means that the protocol dissector can’t dissect the contents of the packet any further. There can be various reasons:

Wrong dissector: Wireshark erroneously has chosen the wrong protocol dissector for this packet. This will happen e.g. if you are using a protocol not on its well known TCP or UDP port. You may try Analyze|Decode As to circumvent this problem. Packet not reassembled: The packet is longer than a single frame and it is not reassembled, see Section 7.8, “Packet Reassembly” for further details. Packet is malformed: The packet is actually wrong (malformed), meaning that a part of the packet is just not as expected (not following the protocol specifications). Dissector is buggy: The corresponding protocol dissector is simply buggy or still incomplete."

however- i am not sure how to complete these tasks. if i can get some advise. would much appreciate it.

Thanks,

H

click to hide/show revision 2
None

Malformed Packets-App to DB server

New to Wireshark and trying to figure out why i am getting Malformed Packets in the logs. I perform 2 tasks from the application server which communicates to the DB server.

One task- creates a new record Second Task- queries an existing record.

both of them don't return any data from the database server. I ran few wireshark traces and it returns some malformed packets back.

how do you troubleshoot these kind of issues using wireshark? i have read online that malformed packets can be caused by any of these : "Malformed packet means that the protocol dissector can’t dissect the contents of the packet any further. There can be various reasons:

Wrong dissector: Wireshark erroneously has chosen the wrong protocol dissector for this packet. This will happen e.g. if you are using a protocol not on its well known TCP or UDP port. You may try Analyze|Decode As to circumvent this problem. Packet not reassembled: The packet is longer than a single frame and it is not reassembled, see Section 7.8, “Packet Reassembly” for further details. Packet is malformed: The packet is actually wrong (malformed), meaning that a part of the packet is just not as expected (not following the protocol specifications). Dissector is buggy: The corresponding protocol dissector is simply buggy or still incomplete."

however- i am not sure how to complete these tasks. if i can get some advise. would much appreciate it.

Thanks,

H