What steps will reproduce the problem?
1. If there is a packet whose content type displays 'Certificate, Server Hello
Done', this kind of packet cannot be parsed successfully.
The way I try to parse the TCP data is like this:
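    import dpkt

    # pcapfilename: path to the capture file
    f = open(pcapfilename, "rb")
    pcap = dpkt.pcap.Reader(f)
    for ts, buf in pcap:
        # Decode each captured frame on its own: Ethernet -> IP -> TCP
        eth = dpkt.ethernet.Ethernet(buf)
        ip = eth.data
        tcp = ip.data
        # Payload of this single TCP segment only (no stream reassembly)
        data = tcp.data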
Referring to the SSL definition at
http://en.wikipedia.org/wiki/Transport_Layer_Security , I suppose that
data[0] here should be Handshake (\x16), but actually it is not.
The tcp.data parsed by dpkt is incorrect.
For example:
In the attached pcap file, see the SSL packet at time 12.87998: data[0] for
this is '\x25' rather than '\x16'.
It also seems that the tcp.data has been truncated. The data packed by dpkt is
only part of the data in the pcap file.
What is the expected output? What do you see instead?
I expected the content type for the combined SSL packet to be parsed correctly.
What version of the product are you using? On what operating system?
dpkt-1.7.win32
Python 2.7
Please provide any additional information below.
It is OK when the packet is a single handshake, such as only 'certificate' or
'server hello'.
Original issue reported on code.google.com by yaner.l...@gmail.com on 19 Mar 2012 at 5:45
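An added example, not part of the original report and not dpkt code: assuming the symptom comes from one TLS record being carried across several TCP segments, the code below builds a constructed 'Certificate, Server Hello Done' record, splits it into 1460-byte segments, and shows that only the first segment begins with 0x16 until the payloads are reassembled by sequence number. The function names, the starting sequence number 1000 and the filler certificate bytes are all made up for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type 22

def tls_record(content_type, payload):
    """One TLS record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BBBH", content_type, 3, 1, len(payload)) + payload

def handshake_msg(msg_type, body):
    """One handshake message: type(1) | length(3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def reassemble(segments):
    """Join (seq, payload) pairs in sequence order, dropping retransmitted bytes.
    Sequence-number wraparound is not handled here."""
    stream, next_seq = b"", None
    for seq, payload in sorted(segments):
        if next_seq is None:
            next_seq = seq
        if seq > next_seq:
            raise ValueError("gap in stream before seq %d" % seq)
        stream += payload[next_seq - seq:]
        next_seq = max(next_seq, seq + len(payload))
    return stream

def parse_records(stream):
    """Return ([(content_type, payload)], leftover) for the complete records."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if off + 5 + length > len(stream):
            break  # the record continues in a later TCP segment
        records.append((ctype, stream[off + 5:off + 5 + length]))
        off += 5 + length
    return records, stream[off:]

def demo():
    # Constructed sample: Certificate (type 11) with filler body, then ServerHelloDone (type 14)
    cert = handshake_msg(11, bytes(range(256)) * 12)
    done = handshake_msg(14, b"")
    wire = tls_record(TLS_HANDSHAKE, cert + done)
    mss = 1460  # assumed segment payload size
    segments = [(1000 + i, wire[i:i + mss]) for i in range(0, len(wire), mss)]
    first_bytes = [payload[0] for _, payload in segments]
    # Feed the segments out of order to show that ordering comes from seq
    records, rest = parse_records(reassemble(reversed(segments)))
    return first_bytes, records, rest

if __name__ == "__main__":
    first_bytes, records, rest = demo()
    print([hex(b) for b in first_bytes], [(hex(t), len(p)) for t, p in records], rest)
```

With dpkt, the `(seq, payload)` pairs would come from `tcp.seq` and `tcp.data`, collected per connection and direction before any TLS parsing.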