While running Wireshark 1.4.4 I found that many of the TLSv1 messages were not being reassembled, but left as [Unreassembled Packet]/Ignored Unknown Record. Having checked the existing documentation on this, I made sure that in the TCP preferences, checksum validation is unchecked, and "allow subdissector to reassemble TCP streams is checked." I also made sure that "Reassemble SSL records spanning multiple TCP segements" and "Reassemble SSL Application Data spanning multiple SSL records" were checked within the SSL preferences. I also upgraded to v1.6.1, in case there was something wrong with my version. Despite all this, this problem persisted - the packets are not reassembled.
In the packets marked "[Unreassembled Packet]", there is an error message, stating:
[Expert Info (Warn/Reassemble): Unreassembled Packet (Exception occurred)] [Message: Unreassembled Packet (Exception occurred)] [Severity level: warn] [Group: Reassemble]
Your help would be appreciated.
asked 11 Aug '11, 08:54
Please make sure the following requirements are met:
If things are still not dissected properly, please post your capture file to www.cloudshark.org and paste the link to the file here in a comment.
answered 03 Jul '12, 10:01