|
Wireshark versions 0.99.4 & 0.99.5 seem to have
a problem with UDP fragmentation. Earlier versions were fine.
It reports bad UDP lengths on all the
reassembled fragmented packets which is incorrect.
For example
it shows the length field to be 6266 in UDP header, which is correct
according to the data + header. However, it reports this as bogus saying it
should be 346.
In the summary window it reports it as having a
"Bad UDP length 6266 > IP Length"
As a workaround if you turn off:-
"Reassemble Fragmented IP Datagrams" in the IP
preferences it is OK.
Is this a bug?
|