 | 1 | initial version |
Without the handshake Wireshark does not know the size of the Message Authentication Code (MAC) and possibly padding. That is needed for a correct dissection.
A feature request can be done at https://gitlab.com/wireshark/wireshark/-/issues
In the past, before complete sessions with NULL ciphers were dissected, I had a similar issue and made a little modification in the upper layer protocol to simply skip the 5-byte Application Data header. That was good enough in my case.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
