This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Malformed packets with using encryption?

0

Hello,

I sent a document with IPP - using https://address:631/printers/XXX or with IPP+TLS - using ipp://address:631/printers/XXX??encryption=required. Then I looked into capture file and IPP packets were malformed (printer output was correct). Is it normal (because of TLS) or is something wrong with it? When I try normal ipp://address:631/printers/XXX everything is OK.

Thank you.

asked 12 Dec '13, 05:59

Andyn's gravatar image

Andyn
6335
accept rate: 0%

nobody? :)

(25 Dec '13, 10:49) Andyn

Well, can you provide a capture file?

(25 Dec '13, 12:21) Kurt Knochner ♦

Here it is: http://leteckaposta.cz/877815894 (I can't add a comment - akismet thinks it's spam)

(26 Dec '13, 13:08) Andyn

can you please add the frame number(s) of the "malformed packets".

(27 Dec '13, 04:07) Kurt Knochner ♦

One Answer:

0

Wireshark tries to dissect the TLS packets as IPP protocol.

You need to "decode as" the tcp.port 631 traffic and map it to SSL after HTTP/1.1 101 Switching Protocols message has flown. From then on it's all TLS

answered 27 Dec '13, 08:14

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%