Wireshark mailing list archives
Re: Encrypted Alert
From: "Sheahan, John" <John.Sheahan () priceline com>
Date: Tue, 5 Jan 2010 15:56:12 -0500
Thank you Sake, for your detailed explaination. John -----Original Message----- From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Sake Blok Sent: Monday, January 04, 2010 7:51 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Encrypted Alert On Mon, Jan 04, 2010 at 06:22:38PM -0500, Sheahan, John wrote:
I am troubleshooting some SSL conversations for an intermittent error that occurs very randomly. At this point, I don't have anything to go by except a trace which is supposed to have been taken during the event.
Does the problem description suggest a problem at the transport layer (including SSL)? Or might the problem be at the Application layer? Which protocol is carried inside SSL in your case (I assume http, but as you know, assumption is the mother of all <beep>).
However, I do see an "Encrypted Alert" message just before the TCP sessions FINs out....is this something to be concerned about?
That depends... the Encrypted Alert can be a normal "Close Notify" message, this usualy happens after some application data has been exchanged. If the Encrypted Alert comes in the ssl session setup (before any application data has been exchanged), then it might indicate a problem. Hope this helps, Cheers, Sake PS Have a look at the slides of the presentation I gave at Sharkfest last year, they might help you in troubleshooting SSL traffic: https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps or watch the video of my session at: http://www.lovemytool.com/blog/2009/06/sake_blok_11.html ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Encrypted Alert Sheahan, John (Jan 04)
- Re: Encrypted Alert Sake Blok (Jan 04)
- Re: Encrypted Alert Sheahan, John (Jan 05)
- Re: Encrypted Alert Sake Blok (Jan 04)