
I captured a packet using the command tethereal -i bond0 -R "smpp" -w /tmp/file. When I viewed the file, it shows Malformed Packet on submit_sm. Why is that so?


asked 20 May '11, 17:06


themask

edited 21 May '11, 07:07


cmaynard ♦♦


Although it's not 100% certain without looking at the actual trace, one possible explanation might be:

An SMPP protocol PDU can be split across multiple TCP segments (and therefore frames). When you use a (display) filter like smpp, tshark will only show the frame in which the reassembly completed (in which the last segment of the PDU was found). So only that frame is saved in the capture file. When you reopen the capture file, the first fragment(s) of the SMPP PDU are not found and you end up with a broken PDU, hence the "Malformed Packet".

(BTW 'tethereal' is really old (at least 5 years), you might want to upgrade to the latest wireshark/tshark version)


answered 20 May '11, 23:17


SYN-bit ♦♦
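The effect described in the answer above, as an added example that is not part of the original answer: a simplified model (not Wireshark's dissector) that parses SMPP PDUs from TCP payloads, first with every segment present and then with only the last one, as a filtered save would leave it. The PDU body, the 120-byte segment size and all helper names are constructed for illustration; only the 16-byte SMPP header layout and the submit_sm command_id come from the SMPP specification.

```python
import struct

SUBMIT_SM = 0x00000004           # SMPP command_id for submit_sm
HEADER = struct.Struct("!IIII")  # command_length, command_id, command_status, sequence_number


def build_pdu(command_id, seq, body):
    """Return one SMPP PDU: 16-byte header followed by the body."""
    return HEADER.pack(HEADER.size + len(body), command_id, 0, seq) + body


def split_segments(data, size):
    """Cut a byte stream into TCP-payload-sized chunks (hypothetical segment size)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def dissect(payloads):
    """Concatenate the payloads that are present and parse SMPP headers.

    Returns (command_id, sequence_number) per complete PDU, and the string
    "malformed" where the remaining bytes no longer form a valid PDU.
    """
    stream = b"".join(payloads)
    results, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            results.append("malformed")
            break
        length, command_id, _status, seq = HEADER.unpack_from(stream, offset)
        if length < HEADER.size or offset + length > len(stream):
            results.append("malformed")
            break
        results.append((command_id, seq))
        offset += length
    return results


# Constructed sample: a 316-byte submit_sm (body is filler, only the header is parsed)
# carried in three TCP segments of 120, 120 and 76 bytes.
segments = split_segments(build_pdu(SUBMIT_SM, 1, b"X" * 300), 120)

if __name__ == "__main__":
    print("all segments saved:     ", dissect(segments))
    # Only the frame where reassembly completed was written to the file.
    print("last segment only saved:", dissect(segments[-1:]))
```

With all three segments the PDU parses as submit_sm; with only the last segment the parser reads body bytes as a header and reports a malformed PDU.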
