TLS 1.2 error Ignored unknown record
Hi , When I look up the pcap , I see a lot of TLS error
1 Answer
- Sort by
oldest newest most voted
0
When you see a lot of "Ignored unknown record" messages, it usually means reassembly is failing at some point. Can you make sure you have set the following protocol preferences:
- Make sure checksum checking is off at the ethernet, IP and TCP layer (as a checksum error will stop reassembly)
- Make sure "Allow subdissectors to reassemble TCP streams" is enabled in the TCP protocol preferences
- Make sure "Reassemble TLS records spanning multiple TCP segment" is enabled in the TLS protocol preferences
- Make sure "Reassemble TLS application data spanning multiple TCP records" is enabled in the TLS protocol preferences
Comments
Thanks for your quick reply.
I am not sure you can access my one drive link
Hi SYN-Bit ,
Could you let me know where can I check the requirements you said ?
Server side or end user side ? or Network device ?
The settings I mentioned are settings in Wireshark :-)
You can edit them by going to "Preferences" -> "Protocols" and then the mentioned protocols
BTW I am not able to access the files, I think will have to make them "public" for other people to see them without having to log in.
Hi Sake ,
I can't share the link cause of our company policy.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments
If I haven't enough point , How can I upload files ?
You can upload files to any prublic file sharing service (like box, dropbox, onedrive or google drive) and paste the linkt to it here. Please make sure you anonymized and scrubbed the file before uploading it if it contains any sensitive data.