
Wireshark-users: Re: [Wireshark-users] question about bug 3303

Date: Mon, 6 Sep 2010 11:06:59 +0200 (CEST)
Hi Sake,

In all my captures I see that the packet containing "Server Hello,
Certificate, Server Key Exchange, Encrypted Handshake Message" is
fragmented and I can't raise the MTU in my environment.

At which layer do you see fragments? If it's at the IP layer (which your remark to MTU size suggests), then this is definitely a different issue. The issue in the bug report is a SSL record of more than 16k, which is fragmented at the SSL layer. This automatically means there is segmentation on the TCP layer and possibly fragmentation at the IP layer too...

Do you have "Reassemble fragmented IP datagrams" enabled in the IP protocol preferences?

Firstly, I really appreciate your helpfulness.

This is what I see in my capture that makes me think this might be the same issue:

[..]
216 <timestamp> <srcip> <dstip> TCP   [TCP segment of a reassembled PDU]
217 <timestamp> <srcip> <dstip> TLSv1 Server Hello, Certificate, Server Key Exchange, Server Hello Done
[..]

And if I look at frame 217 below, it says:

* Frame 217 (341 bytes on wire, 341 bytes captured)
* Ethernet II, Src: ..., Dst: ...
* Internet Protocol, Src: <srcip> (<srcip>), Dst: <dstip> (<dstip>)
* Transmission Control Protocol, Src Port: <srcportname> (<srcport>), Dst Port: <dstportname> (<dstport>), Seq: 1500, Ack: 313, Len: 287
* [Reassembled TCP Segments (1747 bytes): #216(1460), #217(287)]
* Secure Socket Layer

Sorry for the awkward way of sending the capture across, but I believe I'm fairly restricted by company policies.

Looking at the above, does it resemble bug 3303?

Regards,

Kolos
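
An added example, not part of the thread and not Wireshark code: it separates the two cases discussed above, a TLS record carried in several TCP segments (as in frames 216 and 217) and a handshake message too large for one 16k record and therefore split over several records at the SSL layer. The function names and the sample data are constructed for illustration; it assumes in-order TCP payloads of one direction and unencrypted handshake records before ChangeCipherSpec.

```python
import struct
from itertools import accumulate

HANDSHAKE, CCS, MAX_RECORD = 22, 20, 2 ** 14  # content types; 16k record limit

def tls_records(stream):
    """Yield (content_type, start_offset, payload) per complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                        # rest of the record was not captured
        yield ctype, off, stream[off + 5:off + 5 + length]
        off += 5 + length

def inner_bounds(chunks):
    """Offsets inside b''.join(chunks) at which a new chunk starts."""
    return list(accumulate(len(c) for c in chunks))[:-1]

def classify(segments):
    """segments: in-order TCP payloads, one direction of one connection."""
    tcp_bounds = inner_bounds(segments)
    split_by_tcp, hs_payloads = [], []
    for idx, (ctype, start, payload) in enumerate(tls_records(b"".join(segments))):
        if ctype == CCS:
            break                        # later handshake records are encrypted
        if any(start < b < start + 5 + len(payload) for b in tcp_bounds):
            split_by_tcp.append(idx)     # record spans TCP segments
        if ctype == HANDSHAKE:
            hs_payloads.append(payload)
    hs, rec_bounds = b"".join(hs_payloads), inner_bounds(hs_payloads)
    split_by_tls, off = [], 0
    while off + 4 <= len(hs):            # handshake header: type(1) + length(3)
        end = off + 4 + int.from_bytes(hs[off + 1:off + 4], "big")
        if any(off < b < end for b in rec_bounds):
            split_by_tls.append(hs[off]) # message spans TLS records
        off = end
    return {"record_split_by_tcp": split_by_tcp, "handshake_split_by_tls": split_by_tls}

# Constructed sample data (not the capture from the thread).
def hs_msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def record(payload):
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(payload)) + payload
one = record(hs_msg(2, bytes(70)) + hs_msg(11, bytes(1660)) + hs_msg(14, b""))
SAMPLE_TCP_ONLY = [one[:1460], one[1460:]]       # 1747-byte record in 1460 + 287
cert = hs_msg(11, bytes(20000))                  # larger than one 16k record
SAMPLE_TLS_FRAGMENTED = [record(cert[:MAX_RECORD]) + record(cert[MAX_RECORD:])]
print(classify(SAMPLE_TCP_ONLY), classify(SAMPLE_TLS_FRAGMENTED))
```

The first sample reports only a record split by TCP; the second reports handshake type 11 (Certificate) split across TLS records with no TCP split.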