TLSv1 Record Layer: Encrypted Alert

I am trying to dubug an Encrypted Alert situation. I have captured and am showing some information below to describe the problem. Any insight would be very helpful.

Thank You.

The client makes a hello request in frame 778 The server responds with its certificate and then continued bytes from the server certificate. The client then sends an "Encrypted handshake message" The client then sends its certificate with Client Key exchange and also indicates a change of cipher spec. In frame 917, we can see an encrypted alert!

No. Source Destination Info 773 192.168.1.5 162.254.186.105 2103→443 [SYN] Seq=0 Win=16384 Len=0 MSS=1460 SACK_PERM=1

Frame 773: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 0, Len: 0

No. Source Destination Info 774 162.254.186.105 192.168.1.5 443→2103 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1380 SACK_PERM=1

Frame 774: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 0, Ack: 1, Len: 0

No. Source Destination Info 775 192.168.1.5 162.254.186.105 2103→443 [ACK] Seq=1 Ack=1 Win=16560 Len=0

Frame 775: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 0

No. Source Destination Info 776 192.168.1.5 162.254.186.105 Client Hello

Frame 776: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 109 Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 104 Handshake Protocol: Client Hello

No. Source Destination Info 777 162.254.186.105 192.168.1.5 443→2103 [ACK] Seq=1 Ack=110 Win=14600 Len=0

Frame 777: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 1, Ack: 110, Len: 0

No. Source Destination Info 778 162.254.186.105 192.168.1.5 Server Hello

Frame 778: 1434 bytes on wire (11472 bits), 1434 bytes captured (11472 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 1, Ack: 110, Len: 1380 Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 81 Handshake Protocol: Server Hello

No. Source Destination Info 779 162.254.186.105 192.168.1.5 Certificate

Frame 779: 1088 bytes on wire (8704 bits), 1088 bytes captured (8704 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 1381, Ack: 110, Len: 1034 [2 Reassembled TCP Segments (2319 bytes): #778(1294), #779(1025)] Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Certificate Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 2314 Handshake Protocol: Certificate Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Server Hello Done Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 4 Handshake Protocol: Server Hello Done

No. Source Destination Info 780 192.168.1.5 162.254.186.105 2103→443 [ACK] Seq=110 Ack=2415 Win=16560 Len=0

Frame 780: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 110, Ack: 2415, Len: 0

No. Source Destination Info 781 192.168.1.5 162.254.186.105 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Frame 781: 368 bytes on wire (2944 bits), 368 bytes captured (2944 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 110, Ack: 2415, Len: 314 Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Key Exchange Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 262 Handshake Protocol: Client Key Exchange TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 36 Handshake Protocol: Encrypted Handshake Message

No. Source Destination Info 782 162.254.186.105 192.168.1.5 Change Cipher Spec

Frame 782: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2415, Ack: 424, Len: 6 Secure Sockets Layer TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message

No. Source Destination Info 783 162.254.186.105 192.168.1.5 Encrypted Handshake Message

Frame 783: 95 bytes on wire (760 bits), 95 bytes captured (760 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2421, Ack: 424, Len: 41 Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 36 Handshake Protocol: Encrypted Handshake Message

No. Source Destination Info 784 192.168.1.5 162.254.186.105 2103→443 [ACK] Seq=424 Ack=2462 Win=16513 Len=0

Frame 784: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 424, Ack: 2462, Len: 0

No. Source Destination Info 785 192.168.1.5 162.254.186.105 Application Data

Frame 785: 566 bytes on wire (4528 bits), 566 bytes captured (4528 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 424, Ack: 2462, Len: 512 Secure Sockets Layer TLSv1 Record Layer: Application Data Protocol: spdy Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 507 Encrypted Application Data: 87007d8381aac59c4cdba9b53ed70cf29ac9928e3bcc078f...

No. Source Destination Info 786 192.168.1.5 162.254.186.105 [TCP segment of a reassembled PDU]

Frame 786: 1434 bytes on wire (11472 bits), 1434 bytes captured (11472 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 936, Ack: 2462, Len: 1380

No. Source Destination Info 787 192.168.1.5 162.254.186.105 Application Data

Frame 787: 1107 bytes on wire (8856 bits), 1107 bytes captured (8856 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 2316, Ack: 2462, Len: 1053 [2 Reassembled TCP Segments (2433 bytes): #786(1380), #787(1053)] Secure Sockets Layer TLSv1 Record Layer: Application Data Protocol: spdy Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 2428 Encrypted Application Data: 07ae91c9a77ff246f809b41c799fc7ade9d7fe090cc70da1...

No. Source Destination Info 827 162.254.186.105 192.168.1.5 443→2103 [ACK] Seq=2462 Ack=2316 Win=19320 Len=0

Frame 827: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2462, Ack: 2316, Len: 0

No. Source Destination Info 828 162.254.186.105 192.168.1.5 443→2103 [ACK] Seq=2462 Ack=3369 Win=22080 Len=0

Frame 828: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2462, Ack: 3369, Len: 0

No. Source Destination Info 917 162.254.186.105 192.168.1.5 Encrypted Alert

Frame 917: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2462, Ack: 3369, Len: 27 Secure Sockets Layer TLSv1 Record Layer: Encrypted Alert Content Type: Alert (21) Version: TLS 1.0 (0x0301) Length: 22 Alert Message: Encrypted Alert

No. Source Destination Info 918 162.254.186.105 192.168.1.5 443→2103 [FIN, ACK] Seq=2489 Ack=3369 Win=22080 Len=0

Frame 918: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2489, Ack: 3369, Len: 0

No. Source Destination Info 919 192.168.1.5 162.254.186.105 2103→443 [ACK] Seq=3369 Ack=2490 Win=16486 Len=0

Frame 919: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 3369, Ack: 2490, Len: 0

No. Source Destination Info 920 192.168.1.5 162.254.186.105 2103→443 [FIN, ACK] Seq=3369 Ack=2490 Win=16486 Len=0

Frame 920: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 3369, Ack: 2490, Len: 0

No. Source Destination Info 921 162.254.186.105 192.168.1.5 [TCP Out-Of-Order] Encrypted Alert

Frame 921: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2462, Ack: 3369, Len: 27 Secure Sockets Layer TLSv1 Record Layer: Encrypted Alert Content Type: Alert (21) Version: TLS 1.0 (0x0301) Length: 22 Alert Message: Encrypted Alert

No. Source Destination Info 922 192.168.1.5 162.254.186.105 [TCP Dup ACK 920#1] 2103→443 [ACK] Seq=3370 Ack=2490 Win=16486 Len=0

Frame 922: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d), Dst: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Internet Protocol Version 4, Src: 192.168.1.5 (192.168.1.5), Dst: 162.254.186.105 (162.254.186.105) Transmission Control Protocol, Src Port: 2103 (2103), Dst Port: 443 (443), Seq: 3370, Ack: 2490, Len: 0

No. Source Destination Info 923 162.254.186.105 192.168.1.5 443→2103 [ACK] Seq=2490 Ack=3370 Win=22080 Len=0

Frame 923: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2490, Ack: 3370, Len: 0

Frame 917 Detail

No. Source Destination Info 917 162.254.186.105 192.168.1.5 Encrypted Alert

Frame 917: 81 bytes on wire (648 bits), 81 bytes captured (648 bits) on interface 0 Interface id: 0 (\Device\NPF_{94709F0A-58A6-48CE-BF58-EDC79A764A2D}) Encapsulation type: Ethernet (1) Arrival Time: Nov 15, 2014 16:22:07.239508000 Pacific Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1416097327.239508000 seconds [Time delta from previous captured frame: -0.029312000 seconds] [Time delta from previous displayed frame: 0.528386000 seconds] [Time since reference or first frame: 4.874656000 seconds] Frame Number: 917 Frame Length: 81 bytes (648 bits) Capture Length: 81 bytes (648 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] [Coloring Rule Name: conversation_color_filter05] [Coloring Rule String: ip.addr eq 162.254.186.105 and ip.addr eq 192.168.1.5] Ethernet II, Src: Netgear_2b:72:26 (20:4e:7f:2b:72:26), Dst: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Destination: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) Address: IntelCor_6b:4d:3d (00:19:d2:6b:4d:3d) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Netgear_2b:72:26 (20:4e:7f:2b:72:26) Address: Netgear_2b:72:26 (20:4e:7f:2b:72:26) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IP (0x0800) Internet Protocol Version 4, Src: 162.254.186.105 (162.254.186.105), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00) Total Length: 67 Identification: 0x0a1b (2587) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 51 Protocol: TCP (6) Header checksum: 0x1e85 [validation disabled] [Good: False] [Bad: False] Source: 162.254.186.105 (162.254.186.105) Destination: 192.168.1.5 (192.168.1.5) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 443 (443), Dst Port: 2103 (2103), Seq: 2462, Ack: 3369, Len: 27 Source Port: 443 (443) Destination Port: 2103 (2103) [Stream index: 5] [TCP Segment Len: 27] Sequence number: 2462 (relative sequence number) [Next sequence number: 2489 (relative sequence number)] Acknowledgment number: 3369 (relative ack number) Header Length: 20 bytes .... 0000 0001 1000 = Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 22080 [Calculated window size: 22080] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xd5e8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.048485000 seconds] [Bytes in flight: 27] Secure Sockets Layer TLSv1 Record Layer: Encrypted Alert Content Type: Alert (21) Version: TLS 1.0 (0x0301) Length: 22 Alert Message: Encrypted Alert

网址：TLSv1 Record Layer: Encrypted Alert https://klqsh.com/news/view/191238

相关内容

Coldplay Returns To North America In 2025 With New Cities On Record
What Is DigiByte? All You Need to Know About DGB
Zip and unzip files
Outlook not working with yahoo
Supernova L2
The birth of the Eiffel Tower
How Azure Resource Graph uses alerts to monitor resources
【水滴计划
象征主义视角下的《了不起的盖茨比》
娱乐八卦

随便看看