This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SCTP DATA is not getting decoded correctly and is showing Malformed Packet

0

The SCTP association is correctly set up between two Linux machines. When I send data from Machine 1 --> Machine 2 using SCTP, I see the following in Wireshark:

Protocol Type = S1AP
Msg (Info) = id-HandoverNotification [Malformed Packet]

This is followed by a SACK from the second Linux machine.

I also verified in the command prompt of the second Linux Machine that it did receive the data correctly and therefore sent the SACK back to the first Linux Machine.

Interesting thing is, when I send the DATA from Linux Machine 2 --> to Linux Machine 1 then I do not see any problem in Wireshark. The DATA shows up correctly followed by a SACK from first Linux Machine.

Is there a problem/bug in wireshark for decoding the SCTP DATA in one direction?

asked 18 Mar '11, 09:21


chingu
1111
accept rate: 0%

If the PPID is "Payload protocol identifier: S1 Application Protocol (S1AP) (18)", your application is using a PPID assigned for another protocol.

/* Dissector will use SCTP PPID 18 or SCTP port. IANA assigned port = 36412 */

If the port is 36412, your application is using a port assigned for another protocol. You can disable s1ap or try "dissect as" if we have a dissector for the actual protocol.

(18 Mar '11, 12:11) Anders ♦

One Answer:

1

Most probably you are using the port or PPID assigned to S1AP in your communication.

answered 18 Mar '11, 10:18


Anders ♦
4.6k952
accept rate: 17%

Thanks for your prompt response. Will you be able to tell me how/where I can check this and fix it?

thanks again

(18 Mar '11, 10:22) chingu
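
One way to check the two conditions named in the thread (PPID 18 or port 36412) outside Wireshark, as an added example that is not part of the original thread. It assumes the input is the raw bytes of one SCTP packet starting at the common header; the function names are hypothetical and the sample packets are constructed.

```python
import struct

S1AP_PPID = 18      # from the thread: PPID assigned to S1AP
S1AP_PORT = 36412   # from the thread: IANA-assigned S1AP port

def data_chunks(sctp: bytes):
    """Yield (ppid, payload) for each DATA chunk in one SCTP packet (RFC 4960 layout)."""
    if len(sctp) < 12:
        raise ValueError("shorter than the 12-byte SCTP common header")
    off = 12
    while off + 4 <= len(sctp):
        ctype, _flags, clen = struct.unpack_from("!BBH", sctp, off)
        if clen < 4 or off + clen > len(sctp):
            raise ValueError(f"bad chunk length {clen} at offset {off}")
        if ctype == 0:  # DATA: TSN(4) stream id(2) stream seq(2) PPID(4) user data
            if clen < 16:
                raise ValueError("DATA chunk shorter than its fixed header")
            ppid = struct.unpack_from("!I", sctp, off + 12)[0]
            yield ppid, sctp[off + 16: off + clen]
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary

def s1ap_triggers(sctp: bytes):
    """Return the reasons each DATA chunk would be handed to the S1AP dissector."""
    chunks = list(data_chunks(sctp))  # validates the packet before reading ports
    sport, dport = struct.unpack_from("!HH", sctp, 0)
    reasons = []
    for ppid, _payload in chunks:
        if ppid == S1AP_PPID:
            reasons.append(f"ppid={ppid}")
        if S1AP_PORT in (sport, dport):
            reasons.append(f"port={S1AP_PORT}")
    return reasons

def build_packet(sport, dport, ppid, payload):
    """Constructed sample: common header (tag, checksum zeroed) plus one DATA chunk."""
    chunk = struct.pack("!BBHIHHI", 0, 3, 16 + len(payload), 1, 0, 0, ppid) + payload
    chunk += b"\x00" * (-len(chunk) % 4)
    return struct.pack("!HHII", sport, dport, 0, 0) + chunk

if __name__ == "__main__":
    # Constructed packets: one per direction, with different PPIDs.
    print(s1ap_triggers(build_packet(5000, 5001, 18, b"app data")))  # S1AP PPID in use
    print(s1ap_triggers(build_packet(5001, 5000, 0, b"app data")))   # unspecified PPID
```

Running this on packets from each direction shows whether only one sender is setting the S1AP PPID, which would match a capture that decodes cleanly one way and as malformed S1AP the other.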