This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark says this packet is malformed but our engineers agree it is ok

0

wireshark says this packet is malformed but our engineers agree it is ok so what do I do ? Should I raise a bug ?

Packet 1833 - look at ptp section, I've highlighted the lengthField (you can see this in the bytes at the end as well). Apparently it is malformed after there - however when we look at the 1588 ptp spec it all seems to be ok. alt text

asked 05 Jul '12, 03:47

adetheheat's gravatar image

adetheheat
1111
accept rate: 0%

what are the last two bytes 0x00 0x00?? They don't get dissected.

(05 Jul '12, 04:45) Kurt Knochner ♦

in the 1588 standard they say the 1st of the 2 bytes is 4 bits is the message type (should be 0 in my case) and the next 4 bits is reserved. The 2nd byte is also reserved. So 00 00 is correct

(05 Jul '12, 05:11) adetheheat

it also says the length should be 2. Section 16.1.4.3 of ptp standard

(05 Jul '12, 05:12) adetheheat

for CANCEL_UNICAST_TRANSMISSION TLV specification

(05 Jul '12, 05:12) adetheheat

can you provide a free link to the specs?

(05 Jul '12, 06:46) Kurt Knochner ♦

Attached is the spec for the tlv bit at the end taken from the ptp 1588 standard: alt text

(05 Jul '12, 07:42) adetheheat

16.1.4.3.3 messageType (Enumeration4) The value of messageType shall indicate the type of unicast message transmission to be canceled. The coding of the enumeration is identical to that used in the messageType field of message headers; see 13.3.2.2 (below):

Message type Message class Value (hex) Sync Event 0 Delay_Req Event 1 Pdelay_Req Event 2 Pdelay_Resp Event 3 Reserved — 4-7 Follow_Up General 8 Delay_Resp General 9 Pdelay_Resp_Follow_Up General A Announce General B Signaling General C Management General D Reserved — E-F

(05 Jul '12, 07:45) adetheheat

can't do that I'm afraid. I've got a bug report raised about this - it's sort of already known about from the replies I've got so far.

(05 Jul '12, 08:40) adetheheat

Bug raised so won't be updating this thread further

(05 Jul '12, 08:42) adetheheat

For the record, the bug ID is 7437 and the difficulty in fixing it is the lack of free access to the spec. I think that adetheheat has provided enough info to fix this though.

(05 Jul '12, 08:48) grahamb ♦

google: "16.1.4.3" ptp -> 2nd link ;-)

(06 Jul '12, 00:04) Kurt Knochner ♦
showing 5 of 11 show 6 more comments

One Answer:

0

Please raise a bug at the Wireshark Bugzilla database, with references to the protocol specification and a sample capture illustrating the issue. If the capture contains information that you don't want made public, mark the bug as private (Advanced fields) to restrict access to the capture to core developers.

answered 05 Jul '12, 04:00

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%