Wireshark-dev: Re: [Wireshark-dev] Fragmentation
From: Philip Gladstone <[email protected]>
Date: Wed, 23 Feb 2011 17:28:45 -0500
I'm facing a similar problem -- I'm trying to improve the SSL dissector
and actually make it work in the face of things like TCP retransmissions.

However, it appears that it was written prior to the TCP reassembly
stuff being supported. I don't have the experience of complex dissectors
to really know what I am doing. Is anybody else working on fixing the
SSL dissector?

[The issue is that when SSL decrypts SSL records, it updates its
decryption context. Thus it has to decrypt the records in order, exactly
once. Yes, I realize that if packets get dropped from the capture then
you are out of luck. However, in my case, I often see an SSL record
being transmitted, no ack to it (delayed ack), and then the other end
sends the original SSL record with the next SSL record in the same TCP
segment. This desynchronizes the decryptor and from that point on, no
decryption happens.]

Philip

-- 
Philip Gladstone               
Ham: N1DQ
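
The desynchronization described in the message above, as an added example that is not part of the original message and is not Wireshark code. It assumes a toy keystream in place of the real SSL cipher and relative TCP sequence numbers starting at 0; `toy_crypt`, `decrypt_capture` and `record2_recovered` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy keystream (NOT a real cipher), standing in for the SSL record
 * decryption context: every byte processed advances the state. */
typedef struct { uint32_t state; } ctx_t;

static void toy_crypt(ctx_t *c, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        c->state += 0x9E3779B9u;
        out[i] = in[i] ^ (uint8_t)(c->state >> 24);
    }
}

typedef struct { uint32_t seq; uint32_t len; } seg_t; /* one captured TCP segment */

/* Decrypt segments in capture order; wire[] is the ciphertext stream indexed
 * by relative sequence number. With track_seq set, bytes already decrypted
 * are skipped, so each byte passes through the context exactly once.
 * Capture gaps and sequence wraparound are not handled. */
size_t decrypt_capture(const uint8_t *wire, const seg_t *segs, size_t nsegs,
                       int track_seq, uint32_t key, uint8_t *out) {
    ctx_t c = { key };
    uint32_t next_seq = 0;
    size_t produced = 0;
    for (size_t i = 0; i < nsegs; i++) {
        uint32_t start = segs[i].seq, end = segs[i].seq + segs[i].len;
        if (track_seq && end <= next_seq) continue;          /* pure retransmission */
        if (track_seq && start < next_seq) start = next_seq; /* partial overlap */
        toy_crypt(&c, wire + start, out + produced, end - start);
        produced += end - start;
        if (end > next_seq) next_seq = end;
    }
    return produced;
}

/* Constructed capture: record 1 is sent alone, then retransmitted in the
 * same segment as record 2. Returns 1 if record 2 decrypts correctly. */
int record2_recovered(int track_seq) {
    const uint8_t plain[] = "record-one;record-two;"; /* two 11-byte records */
    const seg_t segs[] = { {0, 11}, {0, 22} };
    uint8_t wire[22], out[64];
    ctx_t enc = { 0xC0FFEEu };
    toy_crypt(&enc, plain, wire, 22);
    size_t n = decrypt_capture(wire, segs, 2, track_seq, 0xC0FFEEu, out);
    return memcmp(out + n - 11, plain + 11, 11) == 0;
}

int main(void) {
    printf("naive: %d, sequence-aware: %d\n", record2_recovered(0), record2_recovered(1));
    return 0;
}
```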