This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I've followed the described way in WIreshark's Guide but it didn't work. Is there any hint about how the reassembling should be implemented in a sub dissector works under SSL. I've given more details about the problem in a question in Wireshark but I haven't received any comments or answers about it. I thought my question was too specific that no body can answer or go through it so I decided to ask a more general question hoping that it could lead me to some tips to solve my problem :)

The most similar question in Wireshark to mine is here but it wasn't helpful for me.

Thank you. Flora

asked 06 Aug '15, 09:28

flora's gravatar image

flora
156313338
accept rate: 100%

edited 06 Aug '15, 22:53

I think it not, as in, the SSL layer is supposed to manage reassembly at the TCP layer, while it handles the reasembly of SSL (application) records. See also the various TCP and SSL preference settings. It may well be a bug in that part of the code, this is complicated stuff to make/test.

(06 Aug '15, 22:40) Jaap ♦

" while it handles the reasembly of SSL (application) records"

So is it like SSL handles the reassembly of TCP and the sub-dissector under SSL should handle the reassembly of SSL?

(06 Aug '15, 22:52) flora

Ah no, the SSL dissector, like other dissectors on top of the TCP dissector, can use the facilities provided by the TCP dissector to do reassembly (like you've seen documented). From the looks of it (derived from the SSL preferences) the SSL dissector takes care of its own, and should pass full application segments. But I haven't looked at the code in detail, so I might miss some important details.

(07 Aug '15, 05:31) Jaap ♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×319
×27
×19

question asked: 06 Aug '15, 09:28

question was seen: 2,233 times

last updated: 07 Aug '15, 05:31

p​o​w​e​r​e​d by O​S​Q​A