Wireshark mailing list archives
Re: Fragmentation
From: Philip Gladstone <philip () gladstonefamily net>
Date: Wed, 23 Feb 2011 17:28:45 -0500
I'm facing a similar problem -- I'm trying to improve the SSL dissector and actually make it work in the face of things like TCP retransmissions. However, it appears that it was written prior to the TCP reassembly stuff being supported. I don't have the experience of complex dissectors to really know what I am doing. Is anybody else working on fixing the SSL dissector? [The issue is that when SSL decrypts SSL records, it updates its decryption context. Thus it has to decrypt the records in order, exactly once. Yes, I realize that if packets get dropped from the capture then you are out of luck. However, in my case, I often see an SSL record being transmitted, no ack to it (delayed ack), and then the other end sends the original SSL record with the next SSL record in the same TCP segment. This desynchronizes the decryptor and from that point on, no decryption happens.] Philip -- Philip Gladstone Ham: N1DQ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Fragmentation Subhasree R (Feb 21)
- Re: Fragmentation Stephen Fisher (Feb 22)
- Re: Fragmentation David Aggeler (Feb 22)
- Re: Fragmentation Guy Harris (Feb 22)
- Re: Fragmentation Guy Harris (Feb 22)
- <Possible follow-ups>
- Re: Fragmentation Philip Gladstone (Feb 23)