OSQA is unmaintained. Help us figure out where to go from here.

During a normal TCP capture, some TCP frames are captured as RPCAP protocol, with these error details:

Remote Packet Capture, Error
    Version: 0
    Message type: Error (1)
    Error value: Network error (1)
    Payload length: 32
    Error: \357\277\275\0360
        [Expert Info (Note/Sequence): Error: \310\0360\000\000\000\0013%CF\236\232ee\2721\002\346\326a\264\035\276\262\216\364 ^\326\346\236]
            [Error: \310\0360\000\000\000\0013%CF\236\232ee\2721\002\346\326a\264\035\276\262\216\364 ^\326\346\236]
            [Severity level: Note]
            [Group: Sequence]

What's the meaning of this info? Thanks.

asked 17 Mar, 07:49

PversusNP's gravatar image

accept rate: 0%

edited 17 Mar, 07:59

grahamb's gravatar image

grahamb ♦

It probably means that something on the network sent a packet that looks enough like an RPCAP packet that Wireshark tried to decode it as an RPCAP packet, but that it isn't an RPCAP packet, and Wireshark got confused trying to interpret it as one. Unfortunately, the technique Wireshark uses to determine whether a packet is an RPCAP packet or not are relatively weak and can treat non-RPCAP packets as RPCAP packets.

Try disabling the RPCAP dissector - go to "Enabled Protocols...' In the "Analyze" menu, and turn "RPCAP" off.

(19 Mar, 22:08) Guy Harris ♦♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 17 Mar, 07:49

question was seen: 252 times

last updated: 19 Mar, 22:08

p​o​w​e​r​e​d by O​S​Q​A