Wireshark-bugs: [Wireshark-bugs] [Bug 3303] Wireshark is somehow not capable of dissecting a han

Date: Mon, 6 Jul 2009 12:25:56 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3303


Soren Dreijer <dreijer@xxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dreijer@xxxxxxxxxxxxxxx




--- Comment #10 from Soren Dreijer <dreijer@xxxxxxxxxxxxxxx>  2009-07-06 12:25:52 PDT ---
I've had experiences similar to what Michael saw. I'm trying to decrypt LDAP
over SSL but whenever there are TCP-out-of-order, DUP ACKs, or lost ACKs, then
the decryption seems to become bogus and I can see nothing from that point on.

I've seen this behavior in several captures now. The latest capture looked like
this:

123     09:01:12.228267 172.30.1.180    172.30.1.103    TCP     nifty-hmi > ldaps [SYN] Seq=0 Win=64240 Len=0 MSS=1460
124     09:01:12.228370 172.30.1.103    172.30.1.180    TCP     ldaps > nifty-hmi [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460
125     09:01:12.236455 172.30.1.180    172.30.1.103    TLSv1   Client Hello
126     09:01:12.236456 172.30.1.180    172.30.1.103    TLSv1   [TCP Out-Of-Order] Client Hello
...
127     09:01:12.236662 172.30.1.103    172.30.1.180    TCP     [TCP segment of a reassembled PDU]
128     09:01:12.236663 172.30.1.103    172.30.1.180    TCP     [TCP segment of a reassembled PDU]
129     09:01:12.236766 172.30.1.180    172.30.1.103    TCP     nifty-hmi > ldaps [ACK] Seq=71 Ack=2921 Win=64240 Len=0
130     09:01:12.236767 172.30.1.180    172.30.1.103    TCP     [TCP Dup ACK 129#1] nifty-hmi > ldaps [ACK] Seq=71 Ack=2921 Win=64240 Len=0
131     09:01:12.236866 172.30.1.103    172.30.1.180    TLSv1   Ignored Unknown Record
132     09:01:12.239323 172.30.1.180    172.30.1.103    TLSv1   [TCP ACKed lost segment] Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
133     09:01:12.239323 172.30.1.180    172.30.1.103    TLSv1   [TCP Out-Of-Order] Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Just wanted to mention that this seems to be an issue that deserves to be a
higher priority than Low.

