Bug ID |
12132
|
Summary |
Client Hello not dissected when failed SSL handshake fully captured
|
Product |
Wireshark
|
Version |
2.0.1
|
Hardware |
x86-64
|
OS |
Windows 10
|
Status |
UNCONFIRMED
|
Severity |
Minor
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14335 [details]
Zipped files
Build Information:
Version 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz (with SSE4.2), with 8097MB of physical
memory.
Built using Microsoft Visual C++ 12.0 build 31101
--
When opening a capture file with a failed SSL handshake, wireshark does not
mark the packet as SSL or show the Client Hello information.
When cutting the capture file short (so not including the failing part) the SSL
information is displayed successfully.
I have included 2 capture files to show the problem.
session.full_anon.pcap: packet 4 should be the Client Hello, but it doesn't
dissect it properly.
session.part_anon.pcap: packet 4 show correctly.
I've tried to anonymize the files as much as possible. Please treat them as
confidential.
Reference:
https://ask.wireshark.org/questions/50212/ssl-dissector-not-displaying-client-hello
You are receiving this mail because:
- You are watching all bug changes.