I'm developing a dissector for a custom protocol and have been getting "Malformed Packet" messages like the one shown below. From what I understand this is usually caused by overflowing a
asked 28 Jun '11, 16:51
edited 28 Jun '11, 16:56
You could try stepping through execution of your dissector using a debugger. If you have a capture file and you want to narrow down the problem, use editcap (or Wireshark, I suppose) to "divide-and-conquer". Keep splitting the file in half until you isolate the offending packet. That may or may not make it obvious as to what part of your code is mis-behaving, but if not, it will still make stepping through execution in the debugger easier.
answered 29 Jun '11, 10:38
edited 29 Jun '11, 18:44
Try setting the environment variable
answered 29 Jun '11, 00:08