Wireshark-users: [Wireshark-users] PCAP seem buggy in Wireshark 1.6.2 while seem fine with 1.2 ve

Date: Wed, 11 Jan 2012 23:26:13 -0600
Hello:

I'm a newbie to Wireshark and hence my early apology for a rudimentary question.

I had to troubleshoot an SSL handshake recently and hence requested a snoop to be taken on the server side from my client. I opened the PCAP snoop in version 1.6.2 and decoded the packets as SSL. The result I see in Wireshark 1.6.2 was entirely different from what my client was seeing. He uses 1.2 to view the same trace, and the SSL handshake seems to be very obvious in the older version. Even the tcp.stream was different between the 2 versions for the same trace. In the new version, I get "Ignored unknown record", while the older version clearly shows the client hello, server hello and the certificate being exchanged from the server to the client.

Is switching to an older version of Wireshark my only option? Or is there a configuration that I can tweak to get this to work in my newer version?

Appreciate any response.

--
/PR