Wireshark-bugs: [Wireshark-bugs] [Bug 5692] TLSv1 ignored unknown record

Date: Mon, 14 Feb 2011 06:31:27 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5692

Sake <sake@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Sake <sake@xxxxxxxxxx> 2011-02-14 06:31:25 PST ---
(In reply to comment #0)
> In a regular TLS stream the regular server replies (the requests are properly
> decoded) are marked as "ignored unknown records", see attached capture. The
> browser did receive the image properly.

You have to enable reassembly in the TCP and SSL dissectors to make Wireshark
aware of SSL records spanning multiple packets. Once you do, Wireshark will
show the frames as "[TCP segment of a reassembled PDU]" and "Application Data".

In order for Wireshark to even attempt to do reassembly, all frames need to
pass the checksum check. In your tracefile (made on the server if I'm correct),
the checksums of all outgoing packets are bad, which indicates TCP checksum
offloading to the NIC. So you need to disable checksum checking too...

The relevant settings are:

tcp.check_checksum: FALSE
tcp.desegment_tcp_streams: TRUE

ssl.desegment_ssl_records: TRUE
ssl.desegment_ssl_application_data: TRUE

These settings are the default, so you must have changed one of them somewhere
across the line...

Hope this helps. Closing the bug as invalid as all seems to work as designed
given the proper settings.

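
Added example, not part of the original bug comment and not Wireshark's dissector code: a simplified Python model of why a TLS record spanning several TCP segments is labelled "Ignored Unknown Record" when each segment is parsed on its own, and "Application Data" once the stream is reassembled. The function names and the segment bytes are constructed for illustration, and the checksum gate that decides whether reassembly is attempted is not modelled.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HEADER_LEN = 5  # content type (1) + version (2) + length (2)


def parse_records(data):
    """Return (records, leftover); leftover is the tail of an incomplete record."""
    records, pos = [], 0
    while len(data) - pos >= HEADER_LEN:
        ctype, major, _minor, length = struct.unpack_from("!BBBH", data, pos)
        if ctype not in CONTENT_TYPES or major != 3:
            # Bytes that do not begin with a plausible record header
            records.append(("Ignored Unknown Record", len(data) - pos))
            return records, b""
        if len(data) - pos - HEADER_LEN < length:
            break  # the record continues in a later TCP segment
        records.append((CONTENT_TYPES[ctype], length))
        pos += HEADER_LEN + length
    return records, data[pos:]


def dissect_per_segment(segments):
    """No reassembly: every TCP segment is parsed as if it started a record."""
    out = []
    for seg in segments:
        recs, leftover = parse_records(seg)
        out.append(recs if recs else [("incomplete record", len(leftover))])
    return out


def dissect_reassembled(segments):
    """With reassembly: an incomplete tail is carried into the next segment."""
    out, pending = [], b""
    for seg in segments:
        recs, pending = parse_records(pending + seg)
        out.append(recs if recs else [("TCP segment of a reassembled PDU", len(seg))])
    return out


# Constructed sample: one 3000-byte TLSv1 Application Data record
# (type 0x17, version 3.1) split across segments of 1460, 1460 and 85 bytes.
record = struct.pack("!BBBH", 23, 3, 1, 3000) + b"\xaa" * 3000
SEGMENTS = [record[:1460], record[1460:2920], record[2920:]]

if __name__ == "__main__":
    for name, fn in (("per segment", dissect_per_segment), ("reassembled", dissect_reassembled)):
        print(name, fn(SEGMENTS))
```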