This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

MSRP expert Info: Malformed Packet. But why?

0

Hi,

I use wireshark to debug msrp traffic. For some msg I got the following expert info:

Malformed Packet (Exception occured)

Severity level: Error

Group: Malformed

The msrp msg is fragmented into 2 segments. First segment has the malformed error. Second frame is not recognized as MSRP and only rendered as TCP frame.

Problem is that the msrp data in both frames is not accessible in wireshark.

Can you see why the 1st msg is malformed and why the 2nd msg is not recognized as msrp?

Thank you

Frame 1

MSRP TdNKjhyTcVJQQU74lzUcxmy5vHUZ SEND
To-Path: msrp://priv.ip.addr.rem:port/n38s00i7t0+74003;tcp
From-Path: msrp://priv.ip.addr.rem:port/cboter5ltNeG;tcp

Frame 2

Message-ID: b7NgfwQfPn8Jx
Success-Report: no
Failure-Report: yes
Byte-Range: 1-560/560
Content-Type: message/cpim

From: <sip: [email protected]> To: <sip: [email protected]> DateTime: 2015-05-13T15:04:08Z NS: imdn <urn:ietf:params:imdn> imdn.Message-ID: Hr1BCcvDlKmJRpDryyKTDJ4OZpkR Content-Disposition: notification

Content-type: message/imdn+xml Content-Length: 274

<?xml version="1.0" encoding="UTF-8"?> <imdn xmlns="urn:ietf:params:xml:ns:imdn"> <message-id>MsggOfzN1UHCA</message-id> <datetime>2015-05-13T15:04:08Z</datetime> <delivery-notification> <status> <delivered/> </status> </delivery-notification> </imdn>

——-TdNKjhyTcVJQQU74lzUcxmy5vHUZ$

asked 13 May ‘15, 08:18

supisupi's gravatar image

supisupi
6224
accept rate: 0%

edited 13 May ‘15, 08:32


One Answer:

1

After double checking the code, it appears that MSRP dissector does not take into account TCP fragmentation. Could you fill a bug on https://bugs.wireshark.org/bugzilla/ with a sample pcap attached?

answered 13 May '15, 09:29

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Pascal, I have opened bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11217 with the hope that it will be fixed soon.

Thank you.

Kindest rgds,

Markus

(21 May '15, 05:23) supisupi