Ethereal-users: Re: [Ethereal-users] Malformed packet (bis)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Sat, 08 Jan 2005 10:00:54 +1100
John Coppens wrote:
Hi people.

I noticed a ref to malformed packets back in 2002, but I have this problem
now, with a reasonably new hardware (CNAP 711 from CNet, with an
AT76C510 AP).

The packet is from a Trap, number 22, which is not documented in the
ATMEL-MIB that comes with the CD. It's apparently a time tick, each 5
seconds:

User Datagram Protocol, Src Port: snmp-trap (162), Dst Port: snmp-trap
(162) Simple Network Management Protocol
    Version: 1 (0)
    Community: public
    PDU type: TRAP-V1 (4)
    Enterprise: 1.3.6.1.4.1.12350.1.1
    Agent address: 192.168.0.254 (192.168.0.254)
    Trap type: ENTERPRISE SPECIFIC (6)
    Specific trap type: 22
    Timestamp: 59400
[Malformed Packet: SNMP]

0000  ff ff ff ff ff ff 00 08 a1 42 54 cc 08 00 45 00   .........BT...E.
0010  00 47 00 7a 00 00 40 11 b8 86 c0 a8 00 fe ff ff   .G.z..@.........
0020  ff ff 00 a2 00 a2 00 33 00 00 30 29 02 01 00 04   .......3..0)....
0030  06 70 75 62 6c 69 63 a4 1c 06 09 2b 06 01 04 01   .public....+....
0040  e0 3e 01 01 40 04 c0 a8 00 fe 02 01 06 02 01 16   .>..@...........
0050  43 03 00 eb f0                                    C....

Can someone indicate what's wrong?

I simulated sending your data:

snmptrap -v1 -c public 255.255.255.255 .1.3.6.1.4.1.12350.1.1 192.168.0.254 6 22 60400

the packet looks like it is missing "30 00" at the end. The lengths and checksums are right for the data as sent so it hasn't been truncated. I guess the device is sending bad packets.
--
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who