
Wireshark-users: Re: [Wireshark-users] Strange behaviour in SSL request

From: Sake Blok <sake@xxxxxxxxxx>
Date: Sat, 6 Feb 2010 14:24:07 +0100

     11 0.016260    10.205.15.30          192.168.30.54         TLSv1    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
     12 0.029695    192.168.30.54         10.205.15.30          TLSv1    Change Cipher Spec, Encrypted Handshake Message
     13 0.322017    10.205.15.30          192.168.30.54         TCP      23015 > https [ACK] Seq=381 Ack=4550 Win=65492 Len=0
     14 45.028764   10.205.15.30          192.168.30.54         TCP      23015 > https [FIN, ACK] Seq=381 Ack=4550 Win=65492 Len=0

This tells you that the SSL handshake is complete (assuming the Encrypted handshake messages are indeed the "finished" message as it should be). As the client (10.205.15.30) ACKs the final handshake message, it knows the handshake is complete. It just does not send a request. In the https protocol it is the client that needs to send a request before the server will send any data. So the problem is on the client. The network trace won't show you any more detail than this; you have to start debugging your client application.

Cheers,

Sake
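
The reading of the trace given in the message above, as an added example that is not part of the original message: a Python script that parses the four quoted packet-list lines and checks for a completed handshake followed by client silence until its FIN. The function names and verdict strings are made up for illustration, and it assumes, as the message does, that each Encrypted Handshake Message is the Finished message.

```python
import re

# The four packet-list lines quoted in the message (number, time, src, dst, proto, info).
TRACE = """\
     11 0.016260    10.205.15.30          192.168.30.54         TLSv1    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
     12 0.029695    192.168.30.54         10.205.15.30          TLSv1    Change Cipher Spec, Encrypted Handshake Message
     13 0.322017    10.205.15.30          192.168.30.54         TCP      23015 > https [ACK] Seq=381 Ack=4550 Win=65492 Len=0
     14 45.028764   10.205.15.30          192.168.30.54         TCP      23015 > https [FIN, ACK] Seq=381 Ack=4550 Win=65492 Len=0
"""
ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")

def parse(text):
    """Turn Wireshark summary lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            no, t, src, dst, proto, info = m.groups()
            rows.append({"no": int(no), "time": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info.strip()})
    return rows

def diagnose(rows, client):
    """Report whether the handshake finished and whether the client then sent anything."""
    # A side has finished its half once it sends Change Cipher Spec followed by an
    # Encrypted Handshake Message (assumed to be Finished). "Application Data" only
    # appears in the info column when the stream is dissected as TLS.
    done = {}
    for r in rows:
        if "Change Cipher Spec" in r["info"] and "Encrypted Handshake Message" in r["info"]:
            done["client" if r["src"] == client else "server"] = r["time"]
    complete = "client" in done and "server" in done
    end = max(done.values()) if complete else None
    after = [r for r in rows if complete and r["time"] > end and r["src"] == client]
    app_data = any("Application Data" in r["info"] for r in after)
    fin = next((r for r in after if "[FIN" in r["info"]), None)
    idle = round(fin["time"] - end, 6) if fin else None
    if not complete:
        verdict = "handshake incomplete"
    elif app_data:
        verdict = "client sent a request"
    else:
        verdict = "client never sent a request"
    return {"handshake_complete": complete, "client_app_data": app_data,
            "idle_before_fin": idle, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(parse(TRACE), client="10.205.15.30"))
```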