This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Malformed Packets

0

Hi There

I am seeing a large amount of malformed packets on our network. The source hardware address is 00:00:00:00:00:00 and the destination is also 00:00:00:00:00:00. Does anyone have any idea how I can trace these packets? The packet length is 60 - the same as an arp request??

Any ideas? I've drawn a total blank on this one...

Many thanks Phill

asked 16 Apr '13, 14:56

Pippin_uk's gravatar image

Pippin_uk
11112
accept rate: 0%

One Answer:

0

there was a similar question some time ago:

http://ask.wireshark.org/questions/12833/unknown-frame-malformed-packet

Looks like you've got a broken network interface.

How to identify/find it? You could try to look at the CAM table of your switch and find the port where the mac address (0:0:0:0:0:0) is seen by the switch. If that does not work, you can only switch off the systems one after the other while monitoring the network.

Regards
Kurt

answered 16 Apr '13, 15:25

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 16 Apr '13, 15:52

Hi Kurt

Thanks very much for your reply. I'll look into this and let you know how it goes.

Thanks again! Phill

(16 Apr '13, 15:33) Pippin_uk