I get the below error for DNS requests and responses. I also see UDP Bad length greater than IP Payload. Any suggestion or advice from anyone as to the cause of this error?

asked 13 Nov '15, 02:26 olutola
edited 13 Nov '15, 02:57 Jaap ♦
One Answer:
While it's true what @Jaap says regarding the screenshot, I'll make an assumption. The size of the frames and the uniform length pattern (44, 80, 84) do not match a typical DNS query/answer. So I guess that's traffic where Wireshark only believes it could be DNS, based on the protocol and port (TCP/UDP 53), but in reality it's something totally different, hence the "Malformed Packet". As the IP 41.190.6.70 is on the internet (Nigeria), this looks a bit "strange". Could be DNS tunneling software, malware or simply a bug somewhere. We will see, as soon as you provide the capture file.

Regards

answered 13 Nov '15, 14:10 Kurt Knochner ♦
Can you share the capture file? From an image it's impossible to tell. You could use cloudshark for that.
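
Added example, not part of the original thread: one way to test the guess in the answer that traffic on port 53 is not really DNS, by comparing the UDP length field with the IP payload and then trying to parse a DNS header and question. The function names, the 192.0.2.x addresses and both sample packets are constructed for illustration, and the single-question check is a heuristic.

```python
import struct

def build_ipv4_udp(payload, sport=40000, dport=53, udp_len=None):
    """Constructed IPv4/UDP packet (checksums zeroed) used as sample input."""
    ulen = 8 + len(payload) if udp_len is None else udp_len
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp

def check_port53(pkt):
    """Return reasons why an IPv4 UDP/53 packet does not parse as a DNS query."""
    findings = []
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ip_payload = total_len - ihl
    udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
    if udp_len > ip_payload:  # the "bad length > IP payload" condition
        findings.append("udp length %d > ip payload %d" % (udp_len, ip_payload))
    dns = pkt[ihl + 8:total_len]
    if len(dns) < 12:
        return findings + ["payload shorter than the 12-byte DNS header"]
    qdcount = struct.unpack("!H", dns[4:6])[0]
    if qdcount != 1:  # heuristic: ordinary queries and answers carry one question
        findings.append("unusual question count %d" % qdcount)
    off = 12
    while True:  # walk the first question name label by label
        if off >= len(dns):
            return findings + ["question name runs past end of payload"]
        n = dns[off]
        if n == 0:
            off += 1
            break
        if n > 63:  # plain labels are at most 63 bytes
            return findings + ["length byte 0x%02x is not a plain label" % n]
        off += 1 + n
    if off + 4 > len(dns):
        findings.append("no room for QTYPE/QCLASS after the name")
    return findings

# Constructed samples: a real query for example.com, and 36 opaque bytes sent
# to port 53 with a UDP length field larger than the IP payload.
GOOD = build_ipv4_udp(struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                      + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
BAD = build_ipv4_udp(bytes(range(0x80, 0xA4)), udp_len=200)

if __name__ == "__main__":
    print(check_port53(GOOD))
    print(check_port53(BAD))
```

A packet that yields several findings at once is a candidate for "not DNS at all"; a single bad-length finding on otherwise well-formed DNS points more toward a capture or sender bug.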