This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] Error/Malformed: Bad length value

0

Hello, I am trying to send UDP packets using socket programming in python. In my python code, i am packing the send information as

For UDP:

udp_send = struct.pack('!HHHH', udpsourceport, udpdestport, udplen, udpchecksum) where calculated udplen = 380 and udpchecksum = 0.

For IP:

ip_send = struct.pack('!BBHHHBBH4s4s', versionIHL, 0, totalLength, ID, flags, 225, 17, 0, sourceAddress, destinationAddress) where calculated totallength = 400

When i check this output in wireshark i get the output with IP total length = 60 and udp error as alt text

alt text

Is it the correct way to send a udp packet ? Are there any changes to be done in Windows or in Wireshark ? Please help me to solve this problem. :-(

asked 11 May '15, 06:52

Praju's gravatar image

Praju
11336
accept rate: 0%

closed 11 May '15, 07:27

grahamb's gravatar image

grahamb ♦
19.8k330206

Not really a Wireshark question. You'll hopefully find more appropriate help on a Python programming focused site.

(11 May '15, 07:27) grahamb ♦

This is related to Wireshark. I tried to change the total length of IP in my program but it doesnt show any changes in Wireshark. Are there any changes that need to be done in Wireshark ?

(11 May '15, 07:32) Praju

Wireshark just reports what's captured. There are no other reports of Wireshark misreporting UDP packet length, if you look at the Wireshark Expert Info, it tells you what's wrong, the UDP header says there are more bytes in the packet (380) than the IP header says (60). The length in the IP header should be the IP Header (20) + all payload bytes.

(11 May '15, 07:49) grahamb ♦

The question has been closed for the following reason “Question is off-topic or not relevant” by grahamb 11 May ‘15, 07:27