This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm having some annoying traffic (only on SSL websites) and can't find a proper cause. Please see here for pcap file: https://www.cloudshark.org/captures/efebf7bba359

One thing is I'm receiving lots of TCP DUPs (only on SSL sites - not on clearnet parts of the same target IPs!) Tried with several client systems aswell as Smartphones and different browsertypes.

After receiving these DUPS from the internet, clients respond with a Type 21 error. (Doesn't show in the pcap file because it's only a snippet). Is this a common TLS/SSL behaviour? If so, then why does Wireshark hilight it?

Second question: is there a possible correlation between DUPs on SSL packets and "Encryption Alert, type 21" errors? I can't find alot of info about it... any help is appreciated.

asked 03 Feb '16, 13:43

boiiingg's gravatar image

boiiingg
2335
accept rate: 0%

edited 03 Feb '16, 14:11

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×193
×75
×14
×1

question asked: 03 Feb '16, 13:43

question was seen: 984 times

last updated: 03 Feb '16, 14:11

p​o​w​e​r​e​d by O​S​Q​A