Why do some TLS packets show 'Application Data' in the 'Info' column while others show nothing, despite the fact that they have a payload?

asked Oct 26 '1

pairycoo
1 ●1

updated Oct 26 '1

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23850 ●4 ●988 ●227 https://www.wireshark.org

This PCAP file was captured from Thunderbird(POP). I want to include only TLS payload which I can use 'tls.app_data' filter command. However, I noticed that normally, TLS packets with a payload will show 'Application Data' in the 'Info' column, but as you can see, some just show blank, despite having a payload. What do they mean?

Thank you

Comments

Can you provide a larger screen shot (that includes the display filter) or capture file?
What version of Wireshark? (add output of wireshark -v or Help->About Wireshark to question)

Chuckc ( Oct 26 '1 )

Thanks for your reply @Chuckc. Please follow this link for a larger photo https://ibb.co/5RzYvR5. This is my filter 'tls and !tls.handshake and !_ws.expert' We can see the packets belong to the TLS protocol and all have a payload. Why all of their payloads is not TLS payloads whereas the protocol is TLSv1.2?

PS. My Wireshark version is 3.2.1.

pairycoo ( Oct 26 '1 )

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Why do some TLS packets show 'Application Data' in the 'Info' column while others show nothing, despite the fact that they have a payload?

Comments

1 Answer

Your Answer

Question Tools

Stats

Related questions

Why do some TLS packets show 'Application Data' in the 'Info' column while others show nothing, despite the fact that they have a payload? savecancel

Comments

1 Answer

Your Answer

Question Tools

Stats

Related questions

Why do some TLS packets show 'Application Data' in the 'Info' column while others show nothing, despite the fact that they have a payload?