Hi Jaime,
To correctly reconstruct out-of-order TCP segments, you have to enable
"Reassemble out-of-order segments" in the TCP preferences. See
https://www.wireshark.org/docs/wsug_html_chunked/ChAdvReassemblySection.html#ChAdvReassemblyTcp
Kind regards,
Peter
On Mon, Jun 10, 2019 at 07:04:04PM -0500, Jaime Hablutzel wrote:
> Hi Peter, I'm sorry for the delay.
>
> I've just found the "Certificate Request" in a subsequent "TCP
> Out-Of-Order" packet (see https://filebin.ca/4kArOrO9xTaL).
>
> Thank you.
>
> On Mon, Jun 3, 2019 at 9:05 AM Peter Wu <peter@xxxxxxxxxxxxx> wrote:
>
> > Hi Jaime,
> >
> > On Sun, Jun 02, 2019 at 10:59:18PM -0500, Jaime Hablutzel wrote:
> > > I'm not an expert in the TLS protocol but I've just stumbled upon the
> > > following packet (and I didn't have enough time to debug this further),
> > > https://filebin.ca/4jHrWy2tkGQ6, which contains the "Certificate
> > Request"
> > > list of accepted certificates, but Wireshark is failing to display it as
> > it
> > > can be observed in https://i.imgur.com/HrKevzC.png.
> > >
> > > Is it possibly a bug?.
> >
> > Could you share a capture file with the next non-empty TCP segment? The
> > hidden part is a TLS record of 3577 (0xdf9) bytes and fits a handshake
> > message (Certificate Request) of 3569 (0xdf1) bytes. If TCP reassembly
> > is enabled, it should have been reconstructed in the next TCP segment.
> > --
> > Kind regards,
> > Peter Wu
> > https://lekensteyn.nl
