Hi All,
I have capture the logs and when i open i am not able to see client certificate in info but when i sent to another peer they are able to see. We both using same wireshark version.
Can you please suggest how we can enable that info.
The ClientCertificate is spread over frames 10, 11 and 12. In order for Wireshark to display the certificate, it needs to reassemble those frames and then it will show the Certificate in frame 12. If you use the default Wireshark profile, this should work. If you use a custom profile, please make sure that:
Tshark should give the following output for your current profile if all is set correctly:
$ tshark -G currentprefs | egrep '^#?(ip|tcp|tls)\..*(checksum|desegment).*'
#ip.check_checksum: FALSE
#tcp.check_checksum: FALSE
#tcp.desegment_tcp_streams: TRUE
#tls.desegment_ssl_records: TRUE
#tls.desegment_ssl_application_data: TRUE
$
Asked: 2021-06-24 13:53:04 +0000
Seen: 1,449 times
Last updated: Jun 25 '21
Difficult to say without access to the capture file, can you share it?
The difference may be down to profiles in use on each instance, are both Wireshark instances using the same profile?
can you please share the details where i can send the logs. Are you using Teams/Skype
Copy the capture to a public share, e.g. Google Drive, DropBox etc. and post a link to it back here.
As @grahamb stated, it's difficult to say without more information, but if I were to guess, I'd say it's likely that there are one or more differences in the applied preferences and if I were a betting man, I'd place my bet on TCP reassembly. Try comparing preferences and even performing a diff of the
preferencesfiles in use between the two systems.https://drive.google.com/file/d/1yn_d...
I have uploaded the capture file there