TCP protocol instead of SSL/TLS in Wireshark

Question

I am trying to use .NET implementation of SslStream by this tutorial. I did everything like in this article, but I have some question. I downloaded RawCap and captured packets from the localhost, after that I opened dump file(.pcap) using Wireshark, but instead of SSL or TLS type of protocol, I saw just TCP: enter image description here Here is the part of the TCP stream:

....l...h..T...........Y.2..1...t.4....8.J...../.5... ....... .2.8.......'..............SslServer. ......................M..T...M.<.......e.E...M.%c...Kg.. .....iKku.^q(C.$..;..Mx......g&./..................0...0.............L.^..F.)...{.0...+......0.1 0...U....MyCA0.. 150228143257Z. 391231235959Z0.1.0...U....SslServer0.."0 ..*.H.. ..........0.. ......p9.cq...F.^....Bm...S... .....Bg.B.<]..f[...<...q'..Tc......R...Z.C.D.D...N...1..0.v..l.<...d[=C.7.8.+^..j(...X.........D'.!*5.^.^Ef..=.6y@.=..)|...Sp..Sv.|h.-..UT..&bG.......J{.7k.X...........:.[o....o.,r.......0..Wi.s..8.Jn9........4...WU....fkmw..........D0B0@..U...907..m.....@.. ...f...0.1 0...U....MyCA..(J..j+..K......0...+...........h..X.+.M..{...n.....@.'.F........~....@9J.......A4,>.9.DE.R.V4t._bGY.,v.>G......J ....3....@..c,%[S._..u...$....!V.r....~...'.~..T*[.#[.?.B{..Z..m.p.9.7.U.u.}.e..c..H^n.:...-AJxs.. ...:... ..u.....YB....2n...y.g=...(.Fv...B.Is..GK.....;.F..Ln.....L...ao ......@...q0o1.0...U....SE1.0...U. ..AddTrust AB1&0$..U....AddTrust External TTP Network1"0 ..U....AddTrust External CA Root..0..1.0...U....US1.0...U. . GeoTrust Inc.1907..U...0(c) 2008 GeoTrust Inc. - For authorized use only1604..U...-GeoTrust Primary Certification Authority - G3.g0e1.0...U....US1.0...U.

Is this correct SSL/TLS stream? And why Wireshark marked it like TCP?

UPD: enter image description here

TCP protocol instead of SSL/TLS in Wireshark

Answers (1)

Related Questions