I cannot figure out why, when I apply the filter ssl.handshake.certificate to a trace, I see nothing, and others in the same unit with the same trace see the packets. Is there a setting to ignore or hide these packets?

asked 09 Sep '13, 10:21 mhumphries73
3 Answers:
Is your session using a well-known SSL port number like 443? Otherwise you need to use the 'Decode As' function and map the connection to the SSL protocol.

answered 09 Sep '13, 11:06 mrEEde2
Please make sure you have the following protocol settings configured:
answered 09 Sep '13, 22:06 SYN-bit ♦♦

• TCP: enable "Allow subdissector to reassemble TCP streams" had to be changed but that did not correct the issue :( (10 Sep '13, 09:02) mhumphries73

One more setting that might be of influence (where there are retransmissions or duplicate packets in the trace): TCP: enable "Do not call subdissectors for error packets" (10 Sep '13, 11:05) SYN-bit ♦♦
Maybe the SSL dissector is disabled on your system. Please check:

Regards

answered 10 Sep '13, 07:14 Kurt Knochner ♦ edited 10 Sep '13, 07:20

Verified that this setting is enabled. (10 Sep '13, 08:28) mhumphries73

As you have checked and tested several options, I suggest comparing the settings of your colleagues with your settings. So, please get a copy of their Wireshark settings (%APPDATA%\Wireshark*) and compare that with your settings. You can use a visual diff tool for that, like WinMerge (http://winmerge.org). (10 Sep '13, 14:59) Kurt Knochner ♦
It is not; however, I have added the port (7043) to the HTTP protocol information in preferences (I also tried the Decode As), still nothing.

Can you add a screenshot of your Wireshark showing the SSL packet and possibly provide the trace file on www.cloudshark.org?
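
Added example, not part of the original thread: a Python sketch of the settings comparison suggested above, diffing two users' `preferences` files and their lists of disabled protocols. The file contents are constructed samples, and the preference keys and the `disabled_protos` file name are assumed to be what Wireshark writes for the settings named in the answers.

```python
import re

# Constructed sample contents of two users' "preferences" and
# "disabled_protos" files from the Wireshark settings directory.
MINE = """\
# Configuration file for Wireshark (constructed sample)
tcp.desegment_tcp_streams: FALSE
tcp.no_subdissector_on_error: TRUE
http.ssl.port: 443,7043
gui.column.format:
    "No.", "%m",
    "Time", "%t"
"""
# The colleague's file differs only in TCP reassembly and the extra port.
THEIRS = MINE.replace("FALSE", "TRUE").replace(",7043", "")
MINE_DISABLED = "# constructed sample\nssl\n"
THEIRS_DISABLED = ""

def parse_prefs(text):
    """Return {name: value}; indented lines continue the previous value."""
    prefs, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blanks and commented-out defaults
        m = re.match(r"([\w.\-]+):\s*(.*)$", line)
        if m:
            key = m.group(1)
            prefs[key] = m.group(2).strip()
        elif key and line[0].isspace():
            prefs[key] = (prefs[key] + " " + line.strip()).strip()
    return prefs

def diff_prefs(mine, theirs):
    """Return {name: (my_value, their_value)} for each differing preference."""
    a, b = parse_prefs(mine), parse_prefs(theirs)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def diff_disabled(mine, theirs):
    """Return (disabled only in mine, disabled only in theirs)."""
    def names(text):
        return {l.strip() for l in text.splitlines()
                if l.strip() and not l.startswith("#")}
    return sorted(names(mine) - names(theirs)), sorted(names(theirs) - names(mine))

if __name__ == "__main__":
    for name, (m, t) in diff_prefs(MINE, THEIRS).items():
        print(f"{name}: mine={m!r} theirs={t!r}")
    print("disabled only here / only there:", diff_disabled(MINE_DISABLED, THEIRS_DISABLED))
```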