Wireshark · Wireshark-users: Re: [Wireshark-users] Same SEQ number but different ACKs

Wireshark-users: Re: [Wireshark-users] Same SEQ number but different ACKs

From: Sake Blok <sake@xxxxxxxxxx>

Date: Mon, 14 Apr 2008 00:29:28 +0200

On Sun, Apr 13, 2008 at 05:28:01PM -0400, Sheahan, John wrote:
> 
> My question is, after doing some research on Encryption Alert (21), it
> seems to imply some kind of fatal error yet you say that the ssl
> connection gets closed cleanly?

"Encrypted Alert" means that a ssl alert has been sent while the
session is already being encrypted. One of the alerts is the 
"Close Notify" message, which tells the other side that it wants 
to tear down the SSL session. This is called a clean ssl shutdown
opposed to just closing the TCP session without properly tearing
down the SSL session (which is called an unclean ssl shutdown).

Since the Encrypted Alerts appear just before the TCP/FIN's I just
assume that they are in fact of the type "Close Notify". 

Cheers,
    Sake

References:
- Re: [Wireshark-users] Same SEQ number but different ACKs
  - From: Sheahan, John
- Re: [Wireshark-users] Same SEQ number but different ACKs
  - From: Sheahan, John

Prev by Date: Re: [Wireshark-users] Redback protocol decoding error?
Next by Date: Re: [Wireshark-users] Installing Wireshark on OS X = clear as mud
Previous by thread: Re: [Wireshark-users] Same SEQ number but different ACKs
Next by thread: [Wireshark-users] Reading from a large trace file
Index(es):
- Date
- Thread