We carry SSL within the Connect:Direct file transfer protocol:
0000 00 00 03 04 00 00 00 50 ba da b4 6c 00 00 08 00 .......P...l....
0010 45 00 00 51 0e 48 40 00 40 06 aa be c0 a8 00 28 E..Q.H@.@......(
0020 c0 a8 00 28 05 54 86 0b 35 13 e0 4d 35 3a 86 3d ...(.T..5..M5:.=
0030 80 18 20 00 81 e4 00 00 01 01 08 0a 09 53 d3 f3 .. ..........S..
0040 09 53 d3 f3 54 43 50 32 00 02 00 10 00 00 00 09 .S..TCP2........
0050 80 00 00 00 38 00 00 00 16 03 01 00 04 0e 00 00 ....8...........
0060 00
The Connect:Direct protocol in this case is just a header record:
54 43 50 32 00 02 00 10 00 00 00 09 .S..TCP2........
0050 80 00 00 00 38 00 00 00
and the SSL payload:
16 03 01 00 04 0e 00 00 ....8...........
0060 00
Regards .. Martin
Stephen Fisher wrote the following on 12/01/2007 19:10:
On Fri, Jan 12, 2007 at 06:50:31PM +0000, Martin Warnes wrote:
Checking the SSL preferences I had an entry for RSA keys list;
127.0.0.1,1364,tls,c:\ssltest.key which specified this port so it was
correctly attempting to dissect this packet as SSL after all.
It sounds like you are trying to dissect SSL/TLS within SSL/TLS. The
dissector is called "ssl" instead of "tls" used above.
My follow-up question would be; Is it possible to follow the SSL
stream when the SSL data is embedded in another protocol? This would
be a very useful feature for what I'm working on.
What other protocol would SSL be embedded in?
Steve
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
��������������������������������������������jy�u�����U����2�צ��m������rV�j��z�b��,� ڶ�V���]jם�Z�%���_����m4
----------------------------------------------------------
Scanned by ClamAV antivirus system - http://www.clamav.net
Virus signatures last updated: Fri Jan 12 18:33:21 2007
