On Tue, Nov 26, 2002 at 01:47:22PM -0000, Mitchell, Tony wrote:
> Does anybody know ALL the conditions that cause an SNMP packet to be
> reported as "Malformed"
*All* the conditions? I suspect not.
"[Malformed Packet]" usually means that the protocol dissector that
reports the error tried to dissect a field that ran past the end of the
data in the packet, which could mean that
1) the packet was too short (hence malformed);
2) the dissector has a bug;
3) the packet is split across frame boundaries, reassembly
wasn't done (so that not all the data in the packet was being
used), and the "fragmented" flag wasn't set in the packet
info structure (so it's reported as a malformed packet rather
than an unreassembled packet).
However, there's no reassembly at the UDP, SNMP, or Ethernet level, and
the packet isn't fragmented at the IP level, so 3) isn't the answer.
I'd have to see the actual packet data (as in "save the packet to a
capture file" - I'd need to see it as a binary data file, not as text,
so I can run it in Ethereal myself) in order to determine whether the
problem is 1) or 2) or something else.
