This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am getting tons of malformed packet errors with " winr openkey response, error unknown dos error" in the information before and below.

asked 31 Jul '12, 12:55

cyberseeds's gravatar image

cyberseeds
1111
accept rate: 0%


Perhaps they're not actually "Windows Registry access" protocol packets, and Wireshark is misidentifying them as such, trying to dissect them as such, and reporting errors (which would be errors if they were those packets, but wouldn't be if they're not). You might want to file a bug on that and attach a capture file to the bug.

permanent link

answered 31 Jul '12, 13:42

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

edited 31 Jul '12, 13:50

You can select the protocol in the packet details pane and select from the context menu the option 'Disable protocol...'. This disables the dissector (for that session) to allow possible other dissectors to pick up the traffic. Another option is to select from the context menu the option 'Decode as...', and then select the protocol you think it is.

permanent link

answered 01 Aug '12, 04:03

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20

question asked: 31 Jul '12, 12:55

question was seen: 1,862 times

last updated: 01 Aug '12, 04:03

p​o​w​e​r​e​d by O​S​Q​A