This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is it because my payload length is zero? RFC 6455 seems to state that the payload for this is optional.

Thanks


No.     Time           Source                Destination           Protocol sPort  dPort  Length Info
    161 0.000097000    192.168.60.80         192.168.60.2          WebSocket 80     4477   60     WebSocket Connection Close [FIN] [Malformed Packet]

Frame 161: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Interface id: 0 (eth0) Encapsulation type: Ethernet (1) Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: True] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:websocket] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80 || http2] Ethernet II, Src: Informat_34:56:78 (00:00:12:34:56:78), Dst: CadmusCo_ec:2d:88 (08:00:27:ec:2d:88) Destination: CadmusCo_ec:2d:88 (08:00:27:ec:2d:88) Address: CadmusCo_ec:2d:88 (08:00:27:ec:2d:88) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Informat_34:56:78 (00:00:12:34:56:78) Address: Informat_34:56:78 (00:00:12:34:56:78) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Padding: 00000000 Internet Protocol Version 4, Src: 192.168.60.80 (192.168.60.80), Dst: 192.168.60.2 (192.168.60.2) Version: 4 Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 42 Identification: 0x06b6 (1718) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x7a75 [validation disabled] [Good: False] [Bad: False] Source: 192.168.60.80 (192.168.60.80) Destination: 192.168.60.2 (192.168.60.2) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 80 (80), Dst Port: 4477 (4477), Seq: 755, Ack: 591, Len: 2 Source Port: 80 (80) Destination Port: 4477 (4477) [Stream index: 12] [TCP Segment Len: 2] Sequence number: 755 (relative sequence number) [Next sequence number: 757 (relative sequence number)] Acknowledgment number: 591 (relative ack number) Header Length: 20 bytes .... 0000 0001 1000 = Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 1460 [Calculated window size: 1460] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x0490 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.000583000 seconds] [Bytes in flight: 2] WebSocket 1... .... = Fin: True .000 .... = Reserved: 0x00 .... 1000 = Opcode: Connection Close (8) 0... .... = Mask: False .000 0000 = Payload length: 0 Payload Close: <missing> [Malformed Packet: WebSocket] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed]

0000 08 00 27 ec 2d 88 00 00 12 34 56 78 08 00 45 00 ..'.-....4Vx..E. 0010 00 2a 06 b6 00 00 40 06 7a 75 c0 a8 3c 50 c0 a8 .*[email protected]<p.. 0020="" 3c="" 02="" 00="" 50="" 11="" 7d="" 21="" 71="" 9a="" 4c="" 3f="" 65="" 16="" f3="" 50="" 18="" <..p.}!q.l?e..p.="" 0030="" 05="" b4="" 04="" 90="" 00="" 00="" 88="" 00="" 00="" 00="" 00="" 00="" ............="" <="" code="">

asked 11 Jun '15, 12:51

brownslink's gravatar image

brownslink
6225
accept rate: 0%


This looks like an issue that was solved in Wiresahrk 1.99.x branch and not in Wireshark 1.12.x: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d555aa759b9fb3199eb5822c20c86ed80c4608d3

Could you give a try to Wireshark 1.99.6 development build found on http://www.wireshark.org ?

permanent link

answered 11 Jun '15, 14:14

Pascal%20Quantin's gravatar image

Pascal Quantin
5.5k1060
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×47
×41
×9
×1

question asked: 11 Jun '15, 12:51

question was seen: 2,295 times

last updated: 11 Jun '15, 14:14

p​o​w​e​r​e​d by O​S​Q​A