This is a static archive of our old Q&A Site. Please post any new questions and answers at

Malformed Packet with DIS protocol dissector


I am trying to dissect a set of DIS messages but am having problems with Action Request message. The data all seems to be available and the number of fixed data fields shows 7 with 0 in number of variable data fields. Then I get a list of the Fixed data fields but only 6 are shown. If I expand the last one I can see the Datum Id and the Datum value, both of which are correct. But the remaining 8 bytes are not decoded even though they are visible in the Hex message dump. Again they hold the correct values, so what is going on? Why does the DIS dissector not decode the final Datum?

asked 01 Apr '14, 08:39

Roger%20Arthur's gravatar image

Roger Arthur
accept rate: 0%

Because this issue was preventing me to progress a task I have tried earlier versions of Wireshark. Original problem reported with Wireshark-win32-1.10.6 I still have the problem in Wireshark-win32-1.8.13 But I do not have this issue with Wireshark-win32-1.6.16 So something has changed in the DIS Dissector between these issues.

(03 Apr '14, 02:52) Roger Arthur

If you can post a capture in a publicly accessible spot, e.g. Cloudshark that would help tremendously.

(03 Apr '14, 03:05) grahamb ♦