Revision history

initial version

The TCP payload of NDM packets doesn't start with an SSL record.
C:D adds a 20-byte header in front of the SSL records.
This is why Wireshark cannot dissect the SSL record at offset 0 after the TCP header.

Regards Matthias

The TCP payload of NDM packets doesn't start with an SSL record.
C:D adds a 20-byte header in front of the SSL records.
This is why Wireshark cannot dissect the SSL record at offset 0 after the TCP header.

Regards Matthias

In this case the session is using TLS1.0

If you are interested only in the SSL/TLS version being used, you can create a coloring rule to give you a hint.

@C:D [email protected][0:4]== "TCP2" and data[21:2][email protected][56198,46230,57775][0,0,0]
@C:D [email protected][0:4]== "TCP2" and data[21:2][email protected][56198,46230,57775][0,0,0]
@C:D [email protected][0:4]== "TCP2" and data[21:2][email protected][56198,46230,57775][0,0,0]
@C:D [email protected][0:4]== "TCP2" and data[21:2][email protected][56198,46230,57775][0,0,0]

Regards Matthias
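
An added example, not part of the answer above and not Wireshark code: a Python sketch that does by hand what the coloring rule hints at. It skips the 20-byte C:D header and reads the SSL/TLS record header that follows, so the version bytes sit at payload offset 21. It assumes the header starts with the ASCII bytes "TCP2" (the value the rule matches at `data[0:4]`) and treats the other 16 header bytes as opaque; the sample payload is constructed.

```python
import struct

CD_HEADER_LEN = 20   # per the answer: C:D puts 20 bytes in front of the SSL records
CD_MAGIC = b"TCP2"   # bytes the coloring rule compares against data[0:4]

# Standard SSL/TLS record-layer values (content type, protocol version).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# The record-layer version is only a hint: TLS 1.3 also writes 3,3 here.


def record_after_cd_header(payload: bytes):
    """Return (content_type, version, record_length) for the first SSL/TLS
    record behind the C:D header, or None if the payload does not match."""
    if len(payload) < CD_HEADER_LEN + 5:      # header + 5-byte record header
        return None
    if payload[:4] != CD_MAGIC:
        return None
    # Record header: type (1 byte), version major/minor (2), length (2, big-endian)
    ctype, major, minor, length = struct.unpack_from("!BBBH", payload, CD_HEADER_LEN)
    if ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS:
        return None
    return CONTENT_TYPES[ctype], VERSIONS[(major, minor)], length


# Constructed sample: "TCP2" + 16 filler bytes + a TLS 1.0 handshake record header
# announcing 5 bytes of (zeroed) record body. Not taken from a real capture.
SAMPLE = CD_MAGIC + bytes(16) + bytes([22, 3, 1, 0, 5]) + bytes(5)

if __name__ == "__main__":
    print(record_after_cd_header(SAMPLE))
    # The same record without the C:D header is rejected by this parser,
    # mirroring why a dissector looking at offset 0 finds nothing it expects.
    print(record_after_cd_header(SAMPLE[CD_HEADER_LEN:]))
```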