Wireshark · Wireshark-dev: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?

Wireshark-dev: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protoco

From: Stephen Fisher <stephentfisher@xxxxxxxxx>

Date: Fri, 12 Oct 2007 16:34:14 -0600

On Fri, Oct 12, 2007 at 05:16:08PM -0400, Justin Seto wrote:

> My company is using the Microsoft C++ standard implementation of TLS,
> i.e. plugging in the module, to handle SSL connections. When I use
> wireshark to capture data, it does not detect the SSL packets. 
> However, when I read the raw data in the TCP packet, I can see the TLS
> headers in the first bytes of the data payload.  Furthermore, there
> seems to be an exchange of certificates.
> 
> When I connect to an SSL enabled site over a web browser I can scope
> TLS packets.  I would like to see the same thing appear when I scope
> packets from my program.  My first question is: how does wireshark
> determine whether a packet is an SSL packet?

Is your company's program using a standard SSL port?  Wireshark detects
SSL on at least ports 636 (ldap over SSL), 993 (imap over SSL), and 995
(pop over SSL).  There is a default setting in the HTTP dissector's
preferences to decode port 443 as HTTP over SSL.


Steve

Follow-Ups:
- Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
  - From: Justin Seto

References:
- [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
  - From: Justin Seto

Prev by Date: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
Next by Date: Re: [Wireshark-dev] tshark: drop features "dump tostdout"and"readfilter" - conclusion
Previous by thread: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
Next by thread: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?
Index(es):
- Date
- Thread