Wireshark-dev: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is
From: Justin Seto <[email protected]>
Date: Fri, 12 Oct 2007 17:16:08 -0400

Hi all,


My company is using the Microsoft C++ standard implementation of TLS, i.e. plugging in the module, to handle SSL connections.

When I use wireshark to capture data, it does not detect the SSL packets.  However, when I read the raw data in the TCP packet,

I can see the TLS headers in the first bytes of the data payload.  Furthermore, there seems to be an exchange of certificates.


When I connect to an SSL enabled site over a web browser I can scope TLS packets.  I would like to see the same thing appear

when I scope packets from my program.  My first question is: how does wireshark determine whether a packet is an SSL packet?


Unfortunately, I am new at this company and I did not write the code, however I know that our implementation uses secur32.dll.

Does anyone know if there are any compatibility issues using this dll?


I have been looking through the wireshark code base and developer documents to determine the answer to these questions and I

Would appreciate any insight into this problem. 



Justin Seto