Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Without the handshake Wireshark does not know the size of the Message Authentication Code (MAC) and possibly padding. That is needed for a correct dissection.

A feature request can be done at

In the past, before complete sessions with NULL ciphers were dissected, I had a similar issue and made a little modification in the upper layer protocol to simply skip the 5-byte Application Data header. That was good enough in my case.