Hi,
Another thing you can do with your current installation is to disable the
Redback dissector, keeping it from touching these packets.
Thanx,
Jaap
Sake Blok wrote:
On Sun, Apr 13, 2008 at 12:09:52PM -0400, Don Arrowsmith wrote:
[Please excuse any seemingly obvious errors in this post as I'm not a WS pro.]
I upgraded to WS v1.0.0 and noticed a packet on my LAN labeled "IP
Bogus IP length (0, less than header length 20)". As I had another
PC which still had WS v0.99.7, I looked at the same packet there and
it says "UDP Source port: 6646 Destination port: 6646". In
checking, this seems to be a broadcast packet from a McAfee network
monitoring agent. I do have McAfee AV running so this is probably
what it is.
Is this an error in WS 1.0.0 thinking it's a bad packet? It
references a "redback" protocol in the decode which I'm pretty sure
isn't anywhere on my LAN..
I've posted full text decodes:
v0.99.7 at http://eisner.decus.org/~arrowsmith/ws0997.txt and
v1.0.0 at http://eisner.decus.org/~arrowsmith/ws100.txt.
I have taken a look at the full decodes and this issue resembles
another issue where the Redback dissector falsely assumed a packet
needed to be dissected by the redback dissector. Looking close
at the UDP data that you supplied, I can confirm that the bugfix
used for that bug[1] will also fix your issue.
If you want to try an automated wireshark build, you can find them
at http://www.wireshark.org/download/automated/ or else you can
wait till the next official release of wireshark.
Hope this helps,
Cheers,
Sake
[1] http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2376