Hello, I am learning to use Wireshark for the first time to debug an application I wrote that exposes an HTTP API. I have noticed that Wireshark shows [Malformed Packet] in the Info field for every 200 (OK) response I receive from my application:
I don't know in what way these responses are malformed, and my client programs don't seem to have any problem with these responses. Here is a typical response:
Can anyone tell me what is wrong with it? I am suspicious of characters preceding “HTTP” but I don’t know enough to know whether they are what is causing Wireshark to declare the packets malformed. Thank you for your help. -Dan
asked 02 Apr '17, 01:37 subuta
One Answer:
You're right, the suspicious characters preceding "HTTP" should not be there. Web browsers usually ignore a lot of bad things, as their primary goal is to render a page, so that's why they don't complain. But from a protocol point of view the packet is malformed. The "HTTP" characters must be the first thing following the TCP header, but in your case there's some garbage between the TCP header and HTTP. So you should find out where the garbage bytes come from, and prevent them from being written to the packet.
answered 02 Apr '17, 08:00 Jasper ♦♦
Thank you for the quick and helpful reply, Jasper. I will investigate these garbage characters.
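An added example, not part of the original thread: a small Python check that takes the raw bytes at the start of a server response (for instance, read from a plain socket before any HTTP library touches them) and reports whatever precedes the status line, which is the condition the answer describes. The function name, the classification labels and the sample byte strings are constructed for illustration and are not taken from the capture in the question.

```python
import re

# Status line per RFC 7230: HTTP-version SP 3DIGIT SP reason-phrase CRLF
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3} [^\r\n]*\r\n")


def inspect_response_start(stream: bytes) -> dict:
    """Report any bytes that precede the HTTP status line.

    `stream` must be the server-to-client bytes from the start of a
    response, not a later TCP segment that merely continues a body.
    """
    match = STATUS_LINE.search(stream)
    if match is None:
        return {"status_line": None, "offset": None,
                "leading": stream, "kind": "no status line"}
    leading = stream[: match.start()]
    if not leading:
        kind = "clean"
    elif leading == b"\xef\xbb\xbf":
        kind = "UTF-8 byte order mark"
    elif leading.strip(b"\r\n \t") == b"":
        kind = "stray whitespace or CRLF"
    else:
        kind = "unclassified bytes"
    return {
        "status_line": match.group().rstrip(b"\r\n").decode("ascii", "replace"),
        "offset": match.start(),   # number of bytes written before "HTTP"
        "leading": leading,        # the bytes themselves, for hex inspection
        "kind": kind,
    }


# Constructed sample streams (assumed inputs, not the asker's traffic).
SAMPLES = {
    "clean": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "bom": b"\xef\xbb\xbfHTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "junk": b"\x00\x1fabHTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = inspect_response_start(data)
        print(f"{name}: offset={r['offset']} kind={r['kind']} "
              f"leading={r['leading'].hex(' ')}")
```

Comparing the reported leading bytes against what the application writes just before the response headers helps narrow down which write call emits them.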