Is it possible that Wireshark doesn't recognize the protocol?
I have some encrypted traffic, but for the same source and destination IPs and ports, which are simultaneous, Wireshark assigns different protocol types, as shown in the picture. What is wrong here? Why does it confuse the protocol type?
PS: The IP addresses which are hidden in the picture are the same IP addresses.
Comments
Do you mean TCP and SSL as different protocols? If so: SSL is embedded in TCP. When there is TCP payload (tcp.len > 0), Wireshark shows SSL. If there is no TCP payload, Wireshark shows TCP as the protocol.
@Uli. Yes, TCP, SSL, SSLv2, and SSLv3. Also, it marks the packet as TCP when tcp.len > 0 and it is a TCP segment of a reassembled PDU.
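The behaviour discussed in the comments, as an added example that is not part of the original thread and is not Wireshark's dissector code: a simplified Python model of how segments of one flow direction end up with different Protocol labels, based on the TLS and SSLv2 record headers. The function names, label strings and sample segments are constructed assumptions.

```python
import struct

# TLS record content types: change_cipher_spec, alert, handshake, application_data
CONTENT_TYPES = {20, 21, 22, 23}
# Label strings are assumptions modelled on the Protocol column values in the question
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def record_header(buf):
    """Return (label, total_record_length) if buf starts with a record header, else None."""
    if len(buf) >= 5 and buf[0] in CONTENT_TYPES:
        version, length = struct.unpack("!HH", buf[1:5])
        if version in VERSIONS and length <= 2**14 + 2048:
            return VERSIONS[version], 5 + length
    # SSLv2 framing: high bit set, 15-bit length, then message type 1 (CLIENT-HELLO)
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 1:
        return "SSLv2", 2 + (((buf[0] & 0x7F) << 8) | buf[1])
    return None

def label_flow(segments):
    """Label each TCP segment of one flow direction by the highest layer completed in it."""
    labels, pending = [], b""
    for seg in segments:
        if not seg:                      # tcp.len == 0: pure ACK/SYN/FIN
            labels.append("TCP")
            continue
        pending += seg                   # reassembly buffer
        shown = None
        while pending:
            hdr = record_header(pending)
            if hdr is None or hdr[1] > len(pending):
                break                    # record not complete yet: segment of a reassembled PDU
            shown, pending = hdr[0], pending[hdr[1]:]
        labels.append(shown or "TCP")
    return labels

# Constructed sample data (not taken from the capture in the question)
V2_HELLO = bytes([0x80, 4]) + b"\x01\x03\x00\x00"           # minimal SSLv2-framed stand-in
V3_RECORD = b"\x16\x03\x00" + struct.pack("!H", 4) + b"\x02\x00\x00\x00"
APP_DATA = b"\x17\x03\x03" + struct.pack("!H", 3000) + bytes(3000)
SEGMENTS = [b"", V2_HELLO, V3_RECORD, APP_DATA[:1460], APP_DATA[1460:2920], APP_DATA[2920:]]

if __name__ == "__main__":
    for seg, label in zip(SEGMENTS, label_flow(SEGMENTS)):
        print(f"tcp.len={len(seg):<5} Protocol={label}")
```

Only the segment that completes a record carries the record's label; the earlier segments of the same 3000-byte record stay labelled TCP even though tcp.len > 0.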