Wireshark mailing list archives

Two "Decrypted SSL data" sections in one frame


From: Petr Gotthard <petr.gotthard () centrum cz>
Date: Sun, 08 Feb 2015 20:25:04 +0100

Hello,
 
I'm trying to add SSL support for the AMQP dissector. I managed to correctly decrypt and reassemble the application data; however, for some reason the SSL dissector (or someone else?) split the application data into two blocks: the first data block contains the first byte of the AMQP frame and the second data block contains the remaining bytes.
 -- In the "Packet Details" section I can see (after the SSL sub-tree) a sub-tree "Data (1 byte)" and below it another sub-tree "[Malformed Packet: AMQP]" (the packet is malformed because it is missing the first byte).
 -- In the "Packet Bytes" section I can see two "Decrypted SSL data" sections: one with 1 byte (the first byte of an AMQP frame) and the other with the remaining bytes of this AMQP frame.

Do you have any idea why SSL created two "decrypted SSL data" sections and split the frame?
 
 
Thanks,
Petr
 