Yep, that's what's happening, see here: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/60f56408-0188-4cd5-8b90-25c6f2423868, somewhat similar to the STARTTLS behaviour in SMTP for example.
There's currently no code in the TDS dissector to hand-off to the TLS dissector. On Fri, 14 Aug 2020 at 14:50, nalini.elk...@insidethestack.com < nalini.elk...@insidethestack.com> wrote: > Hello List, > > I have a trace from a Microsoft SQL server using TDS. > > Tabular Data Stream <https://en.wikipedia.org/wiki/Tabular_Data_Stream> > > Tabular Data Stream > > During the early development of Sybase SQL Server, the developers at > Sybase perceived the lack of a commonly acc... > <https://en.wikipedia.org/wiki/Tabular_Data_Stream> > > > It looks like the first part of it is the TLS exchange. I am attaching > trace. Any thoughts on a potential breakout of this? > > If I decode as TLS, then the application data packets appear to decode > fine but not the TLS handshake. > > Thoughts? > > Nalini Elkins > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe -- Graham Bloice Software Developer Trihedral UK Limited
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
