Wireshark-users: Re: [Wireshark-users] Yum install centos 5.2

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 11 Oct 2009 16:12:14 -0700

On Oct 11, 2009, at 3:07 PM, Mike Brandonisio wrote:

I'm seeing what looks like encoded traffic.

\027\003\001\000

Any thoughts on how it is encoded?

Is this on port 25?  If so, it *might* be SMTP-over-TLS:

	http://tools.ietf.org/html/rfc2487

although I think newer versions of Wireshark/TShark should recognize the STARTTLS command and dissect traffic following it as TLS.