I am analyzing a captured TLS/SSL session with Wireshark. Although I know that its a HTTPS session I wonder how Wireshark can indicate the Application Data as HTTP too. Every since the record structure for Application Data provides Content Type (23) and Application Data Length only!
Example: SSLv3 Record Layer: Application Data Protocol: http
Any help on this is very much appreciated! Thanks
asked 14 Aug '12, 07:08
it cannot. That peace of information is just added by the HTTP dissector while registering the SSL dissector to handle SSL/TLS sessions.