Protocol Preferences change on accident

I'm looking at a capture of a web server that connects to a database server, which has a bunch of Malformed Packet:TDS entries. There's lots online about this issue.

But somewhere along the line I changed a setting in my Wireshark instance and I'm not sure what I did nor how to undo it.

If I right click on the Malformed Packet:TDS and go to Protocol Preferences> I no longer see a list of options, instead the submenu that opens is grayed out with two options: "Malformed packet has no preferences" and "Disable malformed packet"

But as I mentioned that's just greyed out. I have several profiles and it doesn't appear to be profile specific since it's the same with each. And maybe it's not a default...but at some point I was able to right click >Protocol Preferences> and there was a list of options, like setting the TDS version which I did to 7.4 since the SQL server is 2019, thought that might help me determine why we had these packets.

But this issue isn't even about the TDS packets, I just wanna know what I did to change that menu item :)

Thanks in advance

wwwillster07
asked 2023-03-17 16:05:42 +0000

Comments

Just one quick thing to add, Edit Preferences>Protocol>TDS contains some of the items I'm referring to that at one point existed on the right click menu...

wwwillster07 (2023-03-17 16:19:53 +0000)

It helps if you include the Wireshark version (output of wireshark -v or Help->About Wireshark:Wireshark) in the question. And also if it's different versions on the different systems.
Probably the most important question is if you put ketchup on your eggs?

Chuckc (2023-03-17 18:48:12 +0000)

2 Answers

Egg on my face. Perhaps the right click menu I'm referring to is on the Tabular Data Stream header... Went to another box where I know nothing was changed in Wireshark and the right click menu on the TDS malformed packet was the same. Which got me poking around a bit. So back to figuring out why my TDS streams all appear to be malformed......

wwwillster07
answered 2023-03-17 16:26:26 +0000

For the sample capture attached to 14110: TDS (Tabular Data Stream) and SMP (SMUX) protocols misdissected in captures with MARS enabled, if the TDS reassembly preferences are unchecked:

it causes many Malformed TDS expert info entries:

Frame 1038 (Exception occurred) type messages are common when the dissector asks for more data than is available. The dissector asked but it's the main Wireshark memory management that flagged it as a Malformed Packet so there are no dissector preferences to set.

[Malformed Packet: TDS]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]

The Expert Info added in frame 155 was added by the TDS dissector so the preference menu can be reached.

Hostname length: 40
    [Expert Info (Error/Malformed): Invalid hostname length (40)]
        [Invalid hostname length (40)]
        [Severity level: Error]
        [Group: Malformed]

Chuckc
answered 2023-03-17 21:29:36 +0000