Wireshark · Wireshark-users: [Wireshark-users] Strange behaviour in SSL request

Wireshark-users: [Wireshark-users] Strange behaviour in SSL request

From: John Meletis <John.Meletis@xxxxxxxxxxxxx>

Date: Thu, 4 Feb 2010 14:43:05 +0000

Hi All ,

I can’t explain the time gap between packet 13 and 14 (the time is time from start of capture)

No. Time Source Destination Protocol Info

1 0.000000 10.205.15.30 192.168.30.54 TCP 23015 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460

2 0.009511 192.168.30.54 10.205.15.30 TCP https > 23015 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460

3 0.009569 10.205.15.30 192.168.30.54 TCP 23015 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0

4 0.010502 10.205.15.30 192.168.30.54 TLSv1 Client Hello

5 0.012622 192.168.30.54 10.205.15.30 TCP [TCP segment of a reassembled PDU]

6 0.012746 192.168.30.54 10.205.15.30 TCP [TCP segment of a reassembled PDU]

7 0.012771 10.205.15.30 192.168.30.54 TCP 23015 > https [ACK] Seq=71 Ack=2921 Win=65535 Len=0

8 0.014119 192.168.30.54 10.205.15.30 TCP [TCP segment of a reassembled PDU]

9 0.014140 192.168.30.54 10.205.15.30 TLSv1 Server Hello, Certificate, Server Hello Done

10 0.014161 10.205.15.30 192.168.30.54 TCP 23015 > https [ACK] Seq=71 Ack=4507 Win=65535 Len=0

11 0.016260 10.205.15.30 192.168.30.54 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

12 0.029695 192.168.30.54 10.205.15.30 TLSv1 Change Cipher Spec, Encrypted Handshake Message

13 0.322017 10.205.15.30 192.168.30.54 TCP 23015 > https [ACK] Seq=381 Ack=4550 Win=65492 Len=0

14 45.028764 10.205.15.30 192.168.30.54 TCP 23015 > https [FIN, ACK] Seq=381 Ack=4550 Win=65492 Len=0

16 45.029957 192.168.30.54 10.205.15.30 TCP https > 23015 [ACK] Seq=4550 Ack=382 Win=65155 Len=0

17 45.030298 192.168.30.54 10.205.15.30 TCP https > 23015 [RST, ACK] Seq=4550 Ack=382 Win=0 Len=0

Any help ????

Thank you

Follow-Ups:
- Re: [Wireshark-users] Strange behaviour in SSL request
  - From: Sake Blok