Wireshark-users: Re: [Wireshark-users] Wrong protocol detection - wrong decryption
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 4 Apr 2012 13:34:27 -0400

On Apr 3, 2012, at 7:35 AM, bitozoid wrote:

> This is another capture. Still having the same problem.

It might be that the way the SMTP dissector is handling STARTTLS causes it to arrange that, once the first pass is done, *all* packets in that TCP connection are being dissected as SSL/TLS packets, even the ones *before and including* the STARTTLS.

I have a started-long-ago-but-never-finished project to do something to the STARTTLS handling; I'll have to go back to it, but it might've been attempting to solve a problem of that sort.

Do you have a capture that you can send me that shows this problem?  (You don't have to send me anything needed to decrypt it to at least let me look at it initially.)
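
Added example (not part of the original message and not Wireshark code): a toy C model of the behaviour hypothesized above, where per-conversation state set during the first pass is applied to every frame on redissection, next to a variant that records the frame at which TLS begins. The frame payloads are constructed, and all names (`struct conv`, `pick_global`, `pick_gated`, `misdissected`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum proto { SMTP, TLS };
/* Constructed sample: payloads of one TCP conversation, in capture order. */
static const char *frames[] = {
    "220 mail.example ESMTP", "EHLO client.example", "250-STARTTLS",
    "STARTTLS", "220 Ready to start TLS", "<ClientHello>", "<ServerHello>" };
enum { NFRAMES = 7, NPLAIN = 5 };  /* frames 1..5 are cleartext SMTP */

/* Hypothetical per-conversation state; it persists across passes. */
struct conv { enum proto dissector; int saw_starttls; int tls_from; };
typedef enum proto (*pick_fn)(const struct conv *, int frame);

/* Conversation-wide switch: the frame number is ignored. */
static enum proto pick_global(const struct conv *c, int frame) { (void)frame; return c->dissector; }

/* Frame-gated switch: TLS applies only from the recorded frame onward. */
static enum proto pick_gated(const struct conv *c, int frame) {
    return (c->tls_from && frame >= c->tls_from) ? TLS : SMTP;
}

/* Dissect every frame once; count cleartext frames that came out as TLS. */
static int run_pass(struct conv *c, pick_fn pick) {
    int wrong = 0;
    for (int i = 0; i < NFRAMES; i++) {
        if (pick(c, i + 1) == TLS) { wrong += (i < NPLAIN); continue; }
        /* Toy SMTP dissector: hand over to TLS after the 220 reply to STARTTLS. */
        if (strncmp(frames[i], "STARTTLS", 8) == 0) {
            c->saw_starttls = 1;
        } else if (c->saw_starttls && strncmp(frames[i], "220", 3) == 0) {
            c->saw_starttls = 0;
            c->dissector = TLS;
            c->tls_from = i + 2;  /* frame number after the 220 reply */
        }
    }
    return wrong;
}

/* Misdissected cleartext frames on pass n (1 = first pass, 2 = redissection). */
static int misdissected(pick_fn pick, int n) {
    struct conv c = { SMTP, 0, 0 };
    int wrong = 0;
    while (n-- > 0) wrong = run_pass(&c, pick);
    return wrong;
}

int main(void) {
    printf("redissection, cleartext frames shown as TLS: conversation-wide=%d frame-gated=%d\n",
           misdissected(pick_global, 2), misdissected(pick_gated, 2));
    return 0;
}
```

In this model the first pass is correct under both schemes; only the second pass differs, which is why the symptom would appear after the initial load of the capture.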