I had thought about trying to decode that, but all of the test traces I had
were proprietary. I'm hoping that the TDS isn't decodable (without other
key information) but the TLS exchange should be. It requires knowing more
about TLS. :-)
Craig
On Fri, Aug 14, 2020 at 10:31 AM Graham Bloice
wrote
Yep, that's what's happening, see here:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/60f56408-0188-4cd5-8b90-25c6f2423868,
somewhat similar to the STARTTLS behaviour in SMTP for example.
There's currently no code in the TDS dissector to hand-off to the TLS
dissector.
On Fri
