Wireshark-bugs: [Wireshark-bugs] [Bug 11481] New: v1.12.x will not reassemble some tcp packets
Bug ID | 11481
Summary | v1.12.x will not reassemble some tcp packets
Product | Wireshark
Version | 1.12.6
Hardware | x86
OS | Windows 7
Status | UNCONFIRMED
Severity | Major
Priority | Low
Component | Build process
Assignee | bugzilla-admin@wireshark.org
Reporter | tferguson@amadeus.com
Created attachment 13830 [details]
Packet captures of working and non-working TLS flows.
Build Information:
Sorry, I already upgraded to 1.99.8 (legacy) so I do not have the specific
version info. The problem was seen in v1.12.4 (64-bit); v1.12.6 (64-bit); and
v1.12.7 (64-bit).
--
Hello Wireshark,
Our company has intermittent TLS issues and we have captures of good and bad
flows. Wireshark v1.12.x shows the good flows with "tcp reassembled in PDU" and
the server certificate. However, the bad flows do not show tcp reassembled and
no server certificate. Using v1.99.8 shows the packets differently as well as
older versions like v1.2.4.
Attached is a packet capture showing the working and non-working flows. Frames
#1-27 are working and frames #28-43 are not working. Please compare frame #7
with #34.
Here are the differences seen with v1.12.x:
Frame 7: 1333 bytes on wire (10664 bits), 1333 bytes captured (10664 bits)
Ethernet II, Src: 10:f3:11:2b:ad:cb (10:f3:11:2b:ad:cb), Dst: c0:67:af:f0:8a:20
(c0:67:af:f0:8a:20)
Internet Protocol Version 4, Src: 66.185.180.169 (66.185.180.169), Dst:
82.150.229.186 (82.150.229.186)
Transmission Control Protocol, Src Port: 443 (443), Dst Port: 52064 (52064),
Seq: 1915555025, Ack: 3519736617, Len: 1267
[3 Reassembled TCP Segments (3908 bytes): #42(1282), #43(1368), #44(1258)]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 3903
Handshake Protocol: Certificate
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Frame 34: 1333 bytes on wire (10664 bits), 1333 bytes captured (10664 bits)
Ethernet II, Src: 00:1b:0c:4a:f7:fe (00:1b:0c:4a:f7:fe), Dst: c0:8c:60:f9:72:20
(c0:8c:60:f9:72:20)
Internet Protocol Version 4, Src: 66.185.180.169 (66.185.180.169), Dst:
82.150.229.186 (82.150.229.186)
Transmission Control Protocol, Src Port: 443 (443), Dst Port: 41487 (41487),
Seq: 1996043263, Ack: 3052627759, Len: 1267
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Yes, I notice the DSCP differences in the Server Hellos but I cannot say if
this is related to the TLS handshake problem.
Please let me know if more information is needed.
Thank you,
Tom Ferguson
Amadeus Network WAN Services
tferguson@amadeus.com
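
Added example, not part of the original report or of Wireshark's code: a minimal TLS record reassembler showing how the 3908-byte Certificate record (5-byte header plus Length 3903) spans three TCP segments, and why the last 1267-byte segment also carries the 9-byte Server Hello Done record (1258 + 9 = 1267). The payload bytes, frame numbers 5-7 and function names are constructed for illustration.

```python
import struct

HANDSHAKE = 22  # TLS record content type shown in the dissection above


def reassemble_tls_records(segments):
    """Return (records, pending_bytes) for one direction of one TCP stream.

    segments: in-order list of (frame_no, tcp_payload). A record may span
    several segments, and one segment may hold the tail of one record
    followed by further complete records.
    """
    buf, owners, records = bytearray(), [], []
    for frame_no, payload in segments:
        buf += payload
        owners += [frame_no] * len(payload)   # which frame supplied each byte
        while len(buf) >= 5:                  # header: type(1) version(2) length(2)
            ctype, version, length = struct.unpack("!BHH", buf[:5])
            end = 5 + length
            if len(buf) < end:
                break                         # incomplete: wait for the next segment
            hs_type = buf[5] if ctype == HANDSHAKE and length else None
            records.append((ctype, version, length, hs_type, sorted(set(owners[:end]))))
            del buf[:end]
            del owners[:end]
    return records, len(buf)


def constructed_server_flight():
    """Constructed sample: Certificate (3903) + Server Hello Done (4), TLS 1.2."""
    cert = b"\x0b" + (3899).to_bytes(3, "big") + bytes(3899)  # dummy certificate data
    done = b"\x0e\x00\x00\x00"
    stream = b"".join(struct.pack("!BHH", HANDSHAKE, 0x0303, len(m)) + m
                      for m in (cert, done))
    segments, offset = [], 0
    for frame_no, size in ((5, 1282), (6, 1368), (7, 1267)):  # constructed frame numbers
        segments.append((frame_no, stream[offset:offset + size]))
        offset += size
    return segments


if __name__ == "__main__":
    records, pending = reassemble_tls_records(constructed_server_flight())
    for ctype, version, length, hs_type, frames in records:
        print(f"type={ctype} version=0x{version:04x} length={length} "
              f"handshake_type={hs_type} frames={frames}")
    print("pending bytes:", pending)
```
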