Hi I am trying to send a UDP data packet of 13 octets from: 192.168.1.10 port 3001 to: 192.168.1.12 port 3000 Wireshark shows the packet as: PDUType: Fire[Malformed Packet] The destination returns an ICMP packet that Wireshark marks: 'Destination unreachable'. The UDP packet looks ok to me. How should I upload it to here so that someone can help by checking it please? Best regards David asked 26 Jul '16, 06:19  DavidA_2015 |
2 Answers:
Port 3000 is the default port for the DIS (Distributed Interactive Simulation) protocol. So Wireshark tries to dissect this UDP datagram as being a DIS packet, but the payload is too short (that's why you get the malformed error). If this is not a DIS packet and you just want to see the UDP payload, go to Analyze -> Enabled Protocols and uncheck DIS dissector, or go to Edit -> Preferences -> Protocols -> DIS and change the default UDP port value. answered 26 Jul '16, 06:47  Pascal Quantin Thank you both for your answers. (26 Jul '16, 07:04) DavidA_2015 |
You ICMP packet is being sent to UDP port 3000 which is the default configured port for the DIS protocol, so is being dissected as such. To fix this disable the DIS dissector; in the packet details pane, right click the tree item for DIS and selected "Protocol Preferences ->" -> "Disable DIS ...", then in the Enabled Protocols dialog uncheck DIS and click OK on the dialog. Reload the capture using the menu View -> Reload. answered 26 Jul '16, 06:51  grahamb ♦ @Pascal Quantin was a bit quicker than me :-) (26 Jul '16, 06:52) grahamb ♦ |
Can you share a capture in a publicly accessible spot, e.g. CloudShark, Google Drive, Dropbox etc.?
Here it is: https://www.cloudshark.org/captures/df45a98f996e