Server Keyexchange & Server Hello Done packets

asked 2020-02-27 18:03:59 +0000

Newbee here as far as this forum goes.

I was looking at a SKE and SHD packet on Wireshark. It shows in the main area as 'Server Key Exchange, Server Hello Done' as one packet. In the packet area, it shows both packets in the TLS packet area as a 1038 length and 4 length packets. Great. However, when looking at the Frame packet (only 585 bytes), the last part of the frame packet is the Server Hello Done (16 03 03 00 04 0e), and prior to that, only the last part of the KE packet. There is no 16 03 03 04 0e 0c ... KE preamble in the frame packet itself. I thought the frame packet had the everything in it. Why does the packet show 585 bytes, and as 'Server Key Exchange, Server Hello Done' , but not have all the bytes in it?

edit retag flag offensive close merge delete