2020-08-12 13:53:23 +0000 | commented answer | IS SSTP-dissector broken or can I simply not select it? Done - I was to blind to see how I did it :) |
2020-08-12 13:53:06 +0000 | marked best answer | IS SSTP-dissector broken or can I simply not select it? Hello. Trying both my own capture and the example-files provided in the Wiki ( https://gitlab.com/wireshark/wireshar... ). I cannot seem to get wireshark to display SSTP properly. In the example I am able to decrypt the TLS-stream, but now it only shows "HTTP continuation"-packets. Trying to use "Decode As" will not allow me to select SSTP. If I understand this correct SSTP is basically Data-in-PPP-in-HTTP-in-TLS. |
2020-08-12 13:53:06 +0000 | received badge | ● Scholar (source) |
2020-08-12 12:57:34 +0000 | commented answer | IS SSTP-dissector broken or can I simply not select it? Cheers! that was the answer I needed. For newest version this also seems to work past the inner EAP-authentication. |
2020-08-12 11:47:09 +0000 | commented question | IS SSTP-dissector broken or can I simply not select it? Content length seems to be a according to spec: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/7e5 |
2020-08-12 10:02:11 +0000 | received badge | ● Editor (source) |
2020-08-12 10:02:11 +0000 | edited question | IS SSTP-dissector broken or can I simply not select it? IS SSTP-dissector broken or can I simply not select it? Hello. Trying both my own capture and the example-files provide |
2020-08-12 09:51:19 +0000 | asked a question | IS SSTP-dissector broken or can I simply not select it? IS SSTP-dissector broken or can I simply not select it? Hello. Trying both my own capture and the example-files provide |