I had thought about trying to decode that, but all of the test traces I had were proprietary. I'm hoping that the TDS isn't decodable (without other key information) but the TLS exchange should be. It requires knowing more about TLS. :-)
Craig On Fri, Aug 14, 2020 at 10:31 AM Graham Bloice <graham.blo...@trihedral.com> wrote: > Yep, that's what's happening, see here: > https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-tds/60f56408-0188-4cd5-8b90-25c6f2423868, > somewhat similar to the STARTTLS behaviour in SMTP for example. > > There's currently no code in the TDS dissector to hand-off to the TLS > dissector. > > On Fri, 14 Aug 2020 at 14:50, nalini.elk...@insidethestack.com < > nalini.elk...@insidethestack.com> wrote: > >> Hello List, >> >> I have a trace from a Microsoft SQL server using TDS. >> >> Tabular Data Stream <https://en.wikipedia.org/wiki/Tabular_Data_Stream> >> >> Tabular Data Stream >> >> During the early development of Sybase SQL Server, the developers at >> Sybase perceived the lack of a commonly acc... >> <https://en.wikipedia.org/wiki/Tabular_Data_Stream> >> >> >> It looks like the first part of it is the TLS exchange. I am attaching >> trace. Any thoughts on a potential breakout of this? >> >> If I decode as TLS, then the application data packets appear to decode >> fine but not the TLS handshake. >> >> Thoughts? >> >> Nalini Elkins >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> >> Archives: https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-requ...@wireshark.org >> ?subject=unsubscribe > > > > -- > Graham Bloice > Software Developer > Trihedral UK Limited > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
