This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Parser Error?

0

I'm running a packet capture on a x64 Windows Server 2008 R2 system running the latest version of x64 wireshark (1.6.7). Everytime I see the following packet, all traffic that is to follow is [Malformed Packet].

This particular packet is categorized as SMB2 and is connecting to this server on port 445. There are only two things that jump out at me as they are different from the other captured packets.

Info Level: SMB2_FIND_ID_BOTH_DIRECTORY_INFO
Search Pattern: *

When I restart wireshark, all is back to normal and I see traffic as expected. Until this particular packet hits.

Is this a symptom of a parser error?

asked 16 Apr '12, 13:40

pjhan's gravatar image

pjhan
1111
accept rate: 0%

One Answer:

0

It's possible that there is a bug in the SMB2 dissector. We'd probably have to see a sample capture to determine whether that's the case and, if it is, to determine what the bug is and to fix it.

File a bug about this on the Wireshark Bugzilla, and attach a capture to the bug.

answered 16 Apr '12, 17:01

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%