Evan Huus
changed
bug 8075
What |
Removed |
Added |
Status |
INCOMPLETE
|
CONFIRMED
|
Comment # 7
on bug 8075
from Evan Huus
Looks like we might not need the key after all - here's what it looks like is
happening (all frame numbers refer to the capture from the monitoring server):
- frame 492 is the beginning of a jumbo ssl frame, which, if my manual decoding
of the SSL header is correct, has a length of 16,403 bytes.
- frames 492, 493, 497 and 498 are all marked as tcp segments to be
reassembled, which is correct
- frames 499 onwards are not considered segments for some reason, even though
the requisite length total has not yet been reached to reconstruct - the
reconstruction is abandoned, and wireshark attempts to dissect the middle of
the jumbo ssl packet as an ssl header, which fails for obvious reasons
Not sure of the root cause yet, but it definitely looks like a bug. Perhaps we
are overflowing a length counter somewhere...
I will take a closer look this evening.
Cheers,
Evan
You are receiving this mail because:
- You are watching all bug changes.