Wireshark-bugs: [Wireshark-bugs] [Bug 8075] The SSL dissector stops decrypting the SSL conversat

Date: Tue, 11 Dec 2012 18:47:22 +0000

changed bug 8075

What Removed Added
Status INCOMPLETE CONFIRMED

Comment # 7 on bug 8075 from
Looks like we might not need the key after all - here's what it looks like is
happening (all frame numbers refer to the capture from the monitoring server):

- frame 492 is the beginning of a jumbo ssl frame, which, if my manual decoding
of the SSL header is correct, has a length of 16,403 bytes.

- frames 492, 493, 497 and 498 are all marked as tcp segments to be
reassembled, which is correct

- frames 499 onwards are not considered segments for some reason, even though
the requisite length total has not yet been reached to reconstruct - the
reconstruction is abandoned, and wireshark attempts to dissect the middle of
the jumbo ssl packet as an ssl header, which fails for obvious reasons


Not sure of the root cause yet, but it definitely looks like a bug. Perhaps we
are overflowing a length counter somewhere...

I will take a closer look this evening.

Cheers,
Evan


You are receiving this mail because:
  • You are watching all bug changes.