TLS dissector should indicate in TCP packet with partial record that the partial record was dissescted
Description
This issue arose out of #17480 (closed), where I mistakenly thought that the TCP packet with the Server Hello
did not parse the partial Application Data
record at the end of the packet because the packet details show no reference to that data being parsed. The data is in fact parsed in the following Application Data
packet from a reassembly of the previous 4 packets. This is not obvious though just looking at the packet list subwindow because the Application Data
packet has a length of 330 and the Application Data
TLS record has a length of 4161. So my initial thought was that it was a separate Application Data
record.
I propose that the packet with the partial TLS record indicate that the partial record was dissected. Ideally, it could be a link to the packet which has the reassembled data. If this is impractical due to the current wireshark design, then it would be nice as a minimum to indicate that there was a partial record (perhaps showing the indicated TLS record size and the size of the record fragment).
This will make for less confusion when viewing a TCP packet with a partial TLS record.
Sample capture
See #17480 (closed) for an example capture and a screenshot of current display showing unparsed TLS data after the Change Cipher Spec
TLS record.