Wireshark-users: Re: [Wireshark-users] Spotting HTTPS handshake problem with Wireshark
From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Tue, 6 Oct 2009 21:01:20 +1100

Your capture by itself probably won't help you. As you are probably aware a HTTP 403 response indicates your server is forbidden to respond to you. (Note this is different from 401 which indicates a an authorization or authenticantion issue). So assuming that you are authenticated, the error is a result of permissions, so provided you are possibly better off looking at these things on the server side logs.

But if you do want to see the actual requests you will need to obtain the server's private key and use it on your capture as per http://wiki.wireshark.org/SSL

Regards, Martin

MartinVisser99@xxxxxxxxx


2009/10/6 Mariano Eloy Fernández <mefernandez@xxxxxxxxxx>
Hi,

I am new to Wireshark and I'm trying to analyze the following set up.
There's a problem in a HTTPS communication. The client is authenticating with a valid certificate. The server is giving us a 403 error code.
The server admin has sent me a .cap file captured with Wireshark.
How can I filter all this traffic data to spot the error? There's just too much data in there.

I am used to going through SSL log files generated with Java when javax.net.debug is on.
I usually search for something like "Bad certificate" or "Unkown Certificate" or "No chain".
How can I transform this .cap data into something I can read and understand with Wireshark?

Thanks in advance,

Mariano.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe