You report different problems here. Which one is concerning the WS capture? Only case 3?
It dies not necessarily need to be a bug, it could have to do with the capture settings:
http://www.wireshark.org/lists/wireshark-users/200704/msg00070.html
Also try and have a look at this one: http://blog.wisefaq.com/2009/04/08/ssl-errors-and-how-to-diagnose-them/
Are you using a proxy server?
From your suggestion, I disabled the "Allow subdissector to reassemble TCP streams"
option in the tcp protocol preferences.
below is how the last part of the trace now looks (Wireshark under debian using the Evolution mail client:
"SSLv3 [TCP Previous segment lost] Continuation Data, [Unreassembled P"
"TCP [TCP Dup ACK 45#1] 55898 > imaps [ACK] Seq=515 Ack=1582 Win=103" So I assume that this means that I am losing one or more packets?
If so, any ideas as to why?
[UPDATE 1] I also tried using webmail (under debian) and I am getting the same messages.
[UPDATE 2] Under Windows XP using a differnet infrastructure (+proxy), webmail works using IE and no error messages.
[UPDATE 3] After researching this issue from a SSL perspective, I found there appears to be issues where a conversation starts with SSL2 and changes to SSL3 after the initial handshake and these can manifest themselves "SSL Malformed Packet" errors. This seems to be true with OpenSSL; I assume SSL2 support is enabled by default and I will try to disable this and see if it makes a difference.
So why only on the external network (internet) using webmail or a mail client - but not my iPhone either using cellular or the same WIFI that the debian box is using. Note the debian is under VMWARE server 2. I will also try under XP.
Cheers
Douglas
6 Replies
3759 Views