

I'm not sure if this is a bug in Wireshark or not.

HINT: You will see the Server Hello only if you save the filtered packets and re-open them in Wireshark.

SOLUTION: If I remove the duplicate packets with MAC address 00:01:2e:31:0c:a6, the SSL dissector detects the Server Hello.

Capture file with Filter tcp.stream eq 2 and not eth.src = 00:01:2e:31:0c:a6

Do you get SSL warnings in the browser?

Together with the duplicate packets, this looks at least kind of strange !?! Either the server hands out different certs for different geo regions (can somebody else please check), or 'something' is tampering with your SSL connection.

Your capture: Certificate (id-at-commonName=207.25.252.200,id-at-organizationName=IBM,id-at-localityName=Armonk,id-at-stateOrProvinceName=New York,id-at-countryName=US,id-at-serialNumber= izt26fL9ceWum7uCe3Wzwh/g7mXtrFsH )

The subject in the certificate you got is different than in my test with curl.

curl test: Certificate (id-at-commonName=207.25.252.200,id-at-organizationName=IBM,id-at-localityName=Armonk,id-at-stateOrProvinceName=New York,id-at-countryName=US,id-at-serialNumber= fleRakbayAlG8AP-jh3-xkyBPpwYMPab )

Can you identify that MAC address on your network?

That MAC address (00:01:2e:31:0c:a6) appears several times in the capture file with different IP addresses!! Maybe some kind of MAC/IP spoofing.

There is a problem with your capture file.

Capture file with Filter tcp.stream eq 2, AND with duplicate packets
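
An added example, not part of the original answer: one way to check a capture for a source MAC that shows up with several IPv4 source addresses, as noted above for 00:01:2e:31:0c:a6. The function names, the IP addresses and the second MAC are constructed for illustration, and the parser assumes a classic pcap file (not pcapng) with Ethernet framing.

```python
import struct
from collections import defaultdict

def macs_with_multiple_ips(pcap: bytes) -> dict:
    """Return {source MAC: sorted IPv4 source addresses} for MACs seen with >1 address."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    seen = defaultdict(set)
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet II carrying IPv4: dst(6) src(6) type(2), then a 20-byte IP header
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        mac = frame[6:12].hex(":")
        seen[mac].add(".".join(str(b) for b in frame[26:30]))
    return {m: sorted(ips) for m, ips in seen.items() if len(ips) > 1}

def build_frame(src_mac: str, src_ip: str) -> bytes:
    """Constructed minimal Ethernet+IPv4 frame (zeroed fields) for the demo."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + b"\x45" + bytes(11) + bytes(map(int, src_ip.split("."))) + bytes(4)

def build_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap container, linktype Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: the MAC from the capture with two made-up source IPs,
# plus a made-up host that always uses the same IP.
SAMPLE = build_pcap([
    build_frame("00:01:2e:31:0c:a6", "192.0.2.10"),
    build_frame("02:00:00:00:00:01", "198.51.100.5"),
    build_frame("00:01:2e:31:0c:a6", "192.0.2.20"),
    build_frame("02:00:00:00:00:01", "198.51.100.5"),
])

if __name__ == "__main__":
    for mac, ips in macs_with_multiple_ips(SAMPLE).items():
        print(mac, "->", ", ".join(ips))
```

A router or gateway MAC legitimately appears with many source IPs, so a hit is a lead to check against known devices rather than proof of spoofing.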
