Wireshark-users: Re: [Wireshark-users] How do I use a display filter to find Malformed packets
I am missing the obvious here.
"malformed" seems to be a protocol.
If I type "malformed" (without quotes) in the filter box I get no packets
displayed.
However if I examine individual packets then the middle pane shows packets
that have a red line and [Malfomed Packet: foo]
It is these malformed packets that I would like to use a filter to see, but
I am just not grasping what to do.
I am also not too clear on how display filtering works in general.
The middle pane has a column called "Protocol" which has entries for "UDP"
(all upper case) and "foo" (all lower case) if I type UDP in the filter in
upper case Wireshark does not like it, but lower case seems to work. Typing
foo fails in both upper and lower case. Does that mean the "foo" protocol
has not been registered properly, is so why does it appear in the protocol
column?
TIA
Hal
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Reply-To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] How do I use a display filter to find
Malformed packets
Date: Mon, 11 Dec 2006 14:26:53 +0100 (CET)
Hi,
How about "malformed" ;)
Thanx,
Jaap
On Mon, 11 Dec 2006, Hal Lander wrote:
> If a wireshark receives a packet that is too short the dissector will
flag
> the packet as being Malformed.
>
> How do I use display filters to show me all the 'Malformed' packets?
>
> TIA
> Hal
>
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_________________________________________________________________
View Athletes Collections with Live Search
http://sportmaps.live.com/index.html?source=hmemailtaglinenov06&FORM=MGAC01
