I'm having some annoying traffic (only on SSL websites) and can't find a proper cause. Please see here for pcap file: https://www.cloudshark.org/captures/efebf7bba359 One thing is I'm receiving lots of TCP DUPs (only on SSL sites - not on clearnet parts of the same target IPs!) Tried with several client systems aswell as Smartphones and different browsertypes. After receiving these DUPS from the internet, clients respond with a Type 21 error. (Doesn't show in the pcap file because it's only a snippet). Is this a common TLS/SSL behaviour? If so, then why does Wireshark hilight it? Second question: is there a possible correlation between DUPs on SSL packets and "Encryption Alert, type 21" errors? I can't find alot of info about it... any help is appreciated. asked 03 Feb '16, 13:43 boiiingg edited 03 Feb '16, 14:11 |