Re: question about bug 3303

[kolos_ws () ural2 hu]

Hi Sake,

> > In all my captures I see that the packet containing "Server Hello,
> > Certificate, Server Key Exchange, Encrypted Handshake Message" is
> > fragmented and I can't raise the MTU in my environment.
>
> At which layer do you see fragments? If it's at the IP layer (which your 
> remark to MTU size suggests), then this is definitely a different issue. 
> The issue in the bug report is a SSL record of more than 16k, which is 
> fragmented at the SSL layer. This automatically means there is 
> segmentation on the TCP layer and possibly fragmentation at the IP layer 
> too...
>
> Do you have "Reassemble fragmented IP datagrams" enabled in the IP 
> protocol preferences?

Firstly, I really appreciate you helpfulness.

This is what I see in my capture that makes me think this might be the 
same issue:

[..]
216 <timestamp> <srcip> <dstip> TCP   [TCP segment of a reassembled PDU]
217 <timestamp> <srcip> <dstip> TLSv1 Server Hello, Certificate, Server Key Exchange, Server Hello Done
[..]

And if I look at frame 217 below, it says:

* Frame 217 (341 bytes on wire, 341 bytes captured)
* Ethernet II, Src: ..., Dst: ... 
* Internet Protocol, Src: <srcip> (<srcip>), Dst: <dstip> (<dstip>)
* Transmission Control Protocol, Src Port: <srcportname> (<srcport>), Dst Port: <dstportname> (<dstport>), Seq: 1500, 
Ack: 313, Len: 287
* [Reassembled TCP Segments (1747 bytes): #216(1460), #217(287)]
* Secure Socket Layer

Sorry for the awkwark way of sending the capture across, but I believe I'm 
fairly restricted by company policies.

Looking at the above, does it resemble bug 3303?

Regards,

Kolos
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe