Wireshark · Wireshark-users: Re: [Wireshark-users] Certificate Requestdoesn'tseem properly displayed

Wireshark-users: Re: [Wireshark-users] Certificate Requestdoesn'tseem properly displayed

From: "Ryerse, Mike (DIS)" <MikeRy@xxxxxxxxxx>

Date: Wed, 17 Sep 2008 08:42:05 -0700

It displays the same for me with or without the whole negotiation.  Here
is the whole capture.  Packet 39 is the packet that Ethereal 1.1.0 is
saying contains a certificate request, but Wireshark 1.0.3 does not.


Thanks,

Michael Ryerse


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Tuesday, September 16, 2008 10:52 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Certificate Requestdoesn'tseem properly
displayed

Mike,

The small capture file that you attached to your e-mail only one the
packet 
in it. For Wirshark to be able to dissect the ssl session properly, it
needs 
to see the whole ssl-negotiation. So we need at least all packets from
this 
ssl-session up to the packet showing "[malformed]".

Cheers,
       Sake


----- Original Message ----- 
From: "Jaap Keuter" <jaap.keuter@xxxxxxxxx>
To: "Community support list for Wireshark"
<wireshark-users@xxxxxxxxxxxxx>
Sent: Wednesday, September 17, 2008 7:25 AM
Subject: Re: [Wireshark-users] Certificate Request doesn'tseem properly 
displayed


Hi,

If this is so you should open a bugreport on https://bugs.wireshark.org.
Describe what you see and attach the capture there, so it won't be
forgotten 
and
a fix can be tested.

Thanx,
Jaap

Guy Harris wrote:
> On Sep 16, 2008, at 4:56 PM, Ryerse, Mike (DIS) wrote:
>
>> Wireshark 1.0.3 is displaying a specific SSLv3 packet as "Change
>> Cipher Spec, Encrypted Handshake Message", while Ethereal 1.1.0
>> displays it as "Change Cipher Spec, Certificate Request[Malformed
>> Packet]".
>>
>> Normally I would think the newer software is showing it correctly.
>
> I assume that
>
> 1) you meant "Wireshark 1.1.0", not "Ethereal 1.1.0" (the last
> release that had the name "Ethereal" rather than "Wireshark" was
0.99.1)
>
> and therefore that
>
> 2) Wireshark 1.1.0 is the newer software.
>
> Is that the case?

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users



_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users

Attachment: kalahari_trace_1.cap
Description: kalahari_trace_1.cap

Follow-Ups:
- Re: [Wireshark-users] CertificateRequestdoesn'tseem properly displayed
  - From: Sake Blok

References:
- [Wireshark-users] Certificate Request doesn't seem properly displayed
  - From: Ryerse, Mike (DIS)
- Re: [Wireshark-users] Certificate Request doesn't seem properly displayed
  - From: Guy Harris
- Re: [Wireshark-users] Certificate Request doesn't seem properly displayed
  - From: Jaap Keuter
- Re: [Wireshark-users] Certificate Request doesn'tseem properly displayed
  - From: Sake Blok

Prev by Date: Re: [Wireshark-users] Certificate Request doesn't seemproperly displayed
Next by Date: Re: [Wireshark-users] Certificate Request doesn't seemproperly displayed
Previous by thread: Re: [Wireshark-users] Certificate Request doesn'tseem properly displayed
Next by thread: Re: [Wireshark-users] CertificateRequestdoesn'tseem properly displayed
Index(es):
- Date
- Thread