I've followed the described way in WIreshark's Guide but it didn't work. Is there any hint about how the reassembling should be implemented in a sub dissector works under SSL. I've given more details about the problem in a question in Wireshark but I haven't received any comments or answers about it. I thought my question was too specific that no body can answer or go through it so I decided to ask a more general question hoping that it could lead me to some tips to solve my problem :) The most similar question in Wireshark to mine is here but it wasn't helpful for me. Thank you. Flora asked 06 Aug '15, 09:28 flora edited 06 Aug '15, 22:53 |
I think it not, as in, the SSL layer is supposed to manage reassembly at the TCP layer, while it handles the reasembly of SSL (application) records. See also the various TCP and SSL preference settings. It may well be a bug in that part of the code, this is complicated stuff to make/test.
" while it handles the reasembly of SSL (application) records"
So is it like SSL handles the reassembly of TCP and the sub-dissector under SSL should handle the reassembly of SSL?
Ah no, the SSL dissector, like other dissectors on top of the TCP dissector, can use the facilities provided by the TCP dissector to do reassembly (like you've seen documented). From the looks of it (derived from the SSL preferences) the SSL dissector takes care of its own, and should pass full application segments. But I haven't looked at the code in detail, so I might miss some important details.