BOOTP/DHCP Malformed
ic.nssip
ic.nssip at northwestel.net
Sun May 20 03:06:19 UTC 2012
Hello,
I have a strange situation here because Wireshark reports a lot of Notes for Malformed DHCP Requests coming from users on our network. The details for one messege look like this:
Severity: Note
Group: Malformed
Chats: BOOTP/DHCP
Details: Seconds elapsed (4) appears to be encoded as little-endian
Bootstrap Protocol
Message type: Boot Request (1)
Hardware Type: Ethernet
Hardware address length: 6
Hops: 1
Transaction ID: 0x207572a1
Seconds elapsed: 4
[Expert Info (Note/Malformed): Seconds elapsed (4) appears to be encoded as little-endian]
[Message: Seconds elapsed (4) appears to be encoded as little-endian]
[Severity level: Note]
[Group: Malformed]
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: x.y.z.w (x.y.z.w) [replaced for confidentiality]
Client MAC address: AsustekC_62:e4:5b (00:22:15:62:e4:5b)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Would anyone be so kind to let me know what is causing the "Malformed" detection and what can we do in order to fix this issue.
We use Sandvine for subscribers mapping and their DPI engine has dificulties to correct map the dynamic assigned IPs due to these Malformed DHCP packets.
Thank you in advance for any answer that can help us fix this problem,
Julian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20120519/4062d716/attachment.html>
More information about the dhcp-users
mailing list