Ignored unknown packet
Newbie here for Wireshark :)
During a pentest someone did for us they came to the conclusion that sometimes our TLS 1.2 traffic is in cleartext. I'm trying to figure out whether this is a poorly written app which seems (according to the pcap file of the pentester) to send information over TLS 1.2 in clear text or that something else is going on.
It states about 4200 "ignored unknown packet" messages. Some of the pcap lines do indeed contain readable information which is supposed to be encrypted. (password, username are visible)
Is this perhaps a setting that Wireshark is decrypting packets? Or might the app be sending unencrypted info via TLS 1.2?
This is the most likely cause. In some cases, Wireshark can decrypt TLS but you would have to configure the system to specific settings (see the Wiki) and then prep Wireshark with access to the crypto material. If you did not do this, then the issue is real. It would not be the first time unprotected data ends up in a TLS stream.
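
One way to check the raw bytes independently of any Wireshark decryption setting, as an added example that is not part of the original thread: walk the TLS record framing of one direction of the stream and report where it stops being TLS and whether those bytes are readable text. It assumes the TCP payload has already been reassembled and exported from the capture; the function names and the sample bytes are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # upper bound on a TLS 1.2 ciphertext fragment


def walk_tls_records(payload: bytes):
    """Yield (offset, kind, body) for each chunk of a reassembled TCP payload.

    kind is a TLS content-type name, 'truncated' or 'not_tls'.
    """
    off = 0
    while off < len(payload):
        if len(payload) - off < 5:  # not even a full record header left
            yield off, "truncated", payload[off:]
            return
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, off)
        header_ok = (ctype in CONTENT_TYPES and major == 3 and minor <= 4
                     and length <= MAX_FRAGMENT)
        if not header_ok:  # framing lost: the rest is not a TLS record
            yield off, "not_tls", payload[off:]
            return
        if off + 5 + length > len(payload):
            yield off, "truncated", payload[off:]
            return
        yield off, CONTENT_TYPES[ctype], payload[off + 5:off + 5 + length]
        off += 5 + length


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def classify(payload: bytes, threshold: float = 0.9):
    """Return [(offset, kind, looks_readable)] for the stream."""
    return [(off, kind, printable_ratio(body) >= threshold)
            for off, kind, body in walk_tls_records(payload)]


# Constructed sample: one well-formed application_data record whose body stands
# in for ciphertext, followed by bytes written to the socket outside of TLS.
SAMPLE = (b"\x17\x03\x03" + struct.pack("!H", 32) + bytes(range(128, 160))
          + b"POST /login HTTP/1.1\r\nuser=alice&password=example\r\n")

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

A `not_tls` chunk that is readable means the bytes were on the wire without TLS framing, which no decryption setting in the analyzer can produce. A readable `application_data` body points instead at decrypted display or a cipher suite without encryption.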