This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unknown frame [Malformed Packet]

0

I am new at this, but my company has something serious going on. We are getting flooded with "Unknown frame[Malformed Packet]" that are 60 bits and lots of them. This is causing major issues with my VOIP system (ShoreTel) to the point that we are almost unable to use the phones.

IP range: 10.0.x.x Subnet: 255.255.0.0 HP switching equipment

We have a flat network, but plan to change that soon.

How do I stop the Unknown frame[Malformed Packet]'s?

The packet has all 0's.

The bottom part of Wireshark has:

0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........

0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........

0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........

0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........

asked 18 Jul '12, 10:42

WEIglad's gravatar image

WEIglad
1112
accept rate: 0%

edited 18 Jul '12, 13:10

interesting. Can you please post a sample capture file on cloudshark.org?

HINT: As you cannot delete an anonymously uploaded file on cloudshark.org, you better don't post any private data. Post just those packets in a capture file, that are required to analyze the problem.

(19 Jul '12, 02:05) Kurt Knochner ♦

Mine does the same on every wifi network I attach my computer to. And I seem to allow everyone's connection to a mere crawl. I can't seem to locate the problem.

(28 Sep '13, 19:45) akosha

One Answer:

0

That looks like a host interface gone cuckoo, sending out empty frames. It's hard to tell where it comes from because even the source address is empty. Now you're back at layer one, pulling cables.

answered 19 Jul '12, 05:02

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%