["Gaudineer, Kevin" <GAUDINKL@xxxxxxx>]

Greetings WireShark Users

 

I have done some packet captures of several Fiber WAN interfaces in our network.  All of these traces are showing that the OSPF LS  update packets are malformed.  This seems a little confusing because when I check the headers for IP in the protocol tree, for example, the checksums are correct.  Its just the OSPF headers that are not correct.

 

I do not have a inline tap for the Fiber WAN interfaces so I used the Pcap engine in the hardware itself to do the capture,  in this case it is a Nortel 8610 and I am using the development version of WireShark  V1.4.0rc2  .  My question is.  Is it possible because of the way I did the capture that this is the reason for the maformed packet showing?  A sample of the protocol tree is shown below:

 

 

 

No.     Time        Source                Destination           Protocol Info

3          0.000000    10.8.11.113           224.0.0.5             OSPF     LS Update[Malformed Packet]

 

Frame 3: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)

Ethernet II, Src: Nortel_62:02:20 (00:18:b0:62:02:20), Dst: IPv4mcast_00:00:05 (01:00:5e:00:00:05)

802.1Q Virtual LAN, PRI: 7, CFI: 0, ID: 2032

Internet Protocol, Src: 10.8.11.113 (10.8.11.113), Dst: 224.0.0.5 (224.0.0.5)

    Version: 4

    Header length: 20 bytes

    Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)

    Total Length: 1476

    Identification: 0xbb0e (47886)

    Flags: 0x00

    Fragment offset: 0

    Time to live: 1

    Protocol: OSPF IGP (89)

    Header checksum: 0x0295 [correct]

        [Good: True]

        [Bad: False]

    Source: 10.8.11.113 (10.8.11.113)

    Destination: 224.0.0.5 (224.0.0.5)

Open Shortest Path First

    OSPF Header

        OSPF Version: 2

        Message Type: LS Update (4)

        Packet Length: 1456

        Source OSPF Router: 10.31.254.251 (10.31.254.251)

        Area ID: 0.0.0.0 (Backbone)

        Packet Checksum: 0xde74 [incorrect, should be 0xef30]

        Auth Type: Null

        Auth Data (none)

    LS Update Packet

[Malformed Packet: OSPF]

    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]

        [Message: Malformed Packet (Exception occurred)]

        [Severity level: Error]

        [Group: Malformed]

 

_____
./| ,[_____],
|¯¯¯L--O|||||||O_
()_)¯()_) ¯¯¯ )_)

 Jeeps Rule

 

Kevin L Gaudineer

Iowa Health System

Sr. Network Support

Desk Phone (515)-241-7745

Cell Phone:  (515)-205-3069

 

         ********************************************

This message and accompanying documents are covered by the 
Electronic Communications Privacy Act, 18 U.S.C. Â§Â§ 2510-2521, 
and contain information intended for the specified individual(s) only. 
This information is confidential. If you are not the intended recipient 
or an agent responsible for delivering it to the intended recipient, you 
are hereby notified that you have received this document in error and 
that any review, dissemination, copying, or the taking of any action 
based on the contents of this information is strictly prohibited. If you 
have received this communication in error, please notify us immediately 
by e-mail, and delete the original message.

        *********************************************