How does wireshark determine the application data protocol when the message is TLS encrypted?
I logged some MQTT PINGREQ/PINGRESP messages that are TLS 1.2 encrypted. To my undestanding TLS should encrypt the entire MQTT message (heaeder+payload), or does it not? But in the Transport Layer Security section of the packet descriptions wireshark shows that the application data protocol is MQTT. How can it know that without decrypting the TLS? I did not provide wireshark with the keys etc to perform a decryption. Thanks for any help :)