A Wireshark trace of a TLS mailflow has packets with "Ignored Unknown Record" and I can't seem to find a solution to display them.
"Allow Subdissector to Reassemble TCP Streams", as suggested by Laura's, is already checked.
What else may cause "Ignored Unknown Record"?
asked 04 Dec '13, 11:54
You probably have an SMTP handshake happening before the TLS negotiation. See http://en.wikipedia.org/wiki/SMTP_Authentication . So, if you do the "Decode as SSL" on all packets, Wireshark will treat those as unknown TLS.
answered 04 Dec '13, 21:20
Maybe your mail server (deduced from the phrase 'mailflow') uses a TLS record type that is unknown to Wireshark (in general, or the version you are using).
From the code: packet-ssl.c
Then from RFC2246 chapter 6
Then from packet-ssl-utils.c
answered 04 Dec '13, 14:55
Kurt Knochner ♦
edited 04 Dec '13, 15:04
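Both answers come down to the 5-byte record header. The following is an added example (not part of the original answers and not Wireshark's dissector code) that checks a payload against the four ContentType values from RFC 2246 section 6.2.1, showing why plaintext SMTP bytes decoded as SSL come out as an unknown record. The function name and sample bytes are constructed for illustration.

```python
import struct

# ContentType values defined in RFC 2246, section 6.2.1
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def classify_records(stream: bytes):
    """Walk a reassembled TCP payload and label each TLS record header.

    Returns a list of (offset, label) tuples. Walking stops at the first
    header that is not a plausible TLS record, because record boundaries
    cannot be trusted after that point.
    """
    results, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        name = CONTENT_TYPES.get(ctype)
        # SSL 3.0 / TLS 1.x records carry major version 3;
        # RFC 2246 caps the ciphertext length at 2^14 + 2048 bytes.
        if name is None or major != 3 or length > 2**14 + 2048:
            results.append((offset, f"unknown record (type byte 0x{ctype:02x})"))
            return results
        if offset + 5 + length > len(stream):
            results.append((offset, f"{name} (truncated)"))
            return results
        results.append((offset, name))
        offset += 5 + length
    return results

# Constructed sample data, not taken from a real capture.
SMTP_PLAINTEXT = b"220 mail.example.test ESMTP\r\nEHLO client.example.test\r\n"
TLS_RECORDS = (
    bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"   # handshake, 4-byte body
    + bytes([20, 3, 1, 0, 1]) + b"\x01"              # change_cipher_spec
    + bytes([23, 3, 1, 0, 3]) + b"\xaa\xbb\xcc"      # application_data
)

if __name__ == "__main__":
    for label, data in (("smtp", SMTP_PLAINTEXT), ("tls", TLS_RECORDS)):
        print(label, classify_records(data))
```

The SMTP greeting starts with the ASCII digit "2" (0x32), which is not a defined content type, so the very first header is rejected.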