Hello,
When trying to decrypt an SSL stream using Wireshark 0.99.7 (Debian Lenny),
I'm seeing lots of "wrong" tcp checksums generated in packets leaving my
observed server.
As wireshark indicates, this could mean that tcp checksum calculation is
offloaded to the NIC.
What I'm wondering is if Wireshark is able or willing to reassemble SSL
packets even if they have wrong TCP checksums.
Currently, I'm having some trouble with this: I have singled out an SSL
stream where the packets sent out by the server suffer from the wrong TCP
checksum. While I can see the HTTP inside the server-side generated SSL
packets (by selecting "SSL Segment Data" under SSL/SSLv3 Record Layer),
this HTTP is not shown / parsed when I do a "follow SSL stream" (i.e. the
same HTTP does NOT show up in the resulting pup-up window).
Is this behaviour caused by the fact that some TCP checksums are
incorrect, or does this simply mean there's REALLY something wrong with my
packet stream?
Thanks,
Pieter