Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Not seeing SSL protocol packets

Date: Fri, 27 Feb 2009 22:53:15 +0000 (UTC)
Hello Mr. Sarkar,

Thank you very much for replying.  This is not the case.  The server is running on one PC and the client is running on another embedded device running Windows Embedded XP.

Interesting enough, Microsoft Network Monitor 3.2 can see the packets with a "Protocol Name" of SSL.  This network analyzer also has a "Frame Details" window showing this:

  Frame: Number = 18, Captured Frame Length = 124, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-1B-FC-37-5B-3F],
   SourceAddress:[00-00-5E-00-01-17]
+ Ipv4: Src = "" Dest = 192.168.71.209, Next Protocol = TCP, Packet ID = 230,
   Total IP Length = 110
+ Tcp: Flags=...AP..., SrcPort=1056, DstPort=HTTP Alternate(8080), PayloadLen=70,
   Seq=981260080 - 981260150, Ack=482317727, Win=17520 (scale factor 0x0) = 17520
+ SslOnWsp:   Client Hello.


Regards,
Lee Linkoff

--- Original Message -----

Date: Fri, 27 Feb 2009 20:11:23 +0400
From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
Subject: Re: [Wireshark-users] Not seeing SSL protocol packets
To: Community support list for Wireshark
        <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
        <c460e4040902270811p5b2a7f3cx8aaeafdfe4cb82f5@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Hi,

If you are running both client and server on the same Windows box, then you
need to have look at this:
http://wiki.wireshark.org/CaptureSetup/Loopback

HTH
Abhik.

On Fri, Feb 27, 2009 at 4:03 AM, <linkoff@xxxxxxxxxxx> wrote:

> Hello,
>
> OS: Windows XP Professional SP2
> Development: C#, Microsoft Visual Studio 2008
>
> I have this simple example SSL client/server application given to me by a
> support person at Microsoft.  Both programs work perfectly.  These 2
> programs are using the SslStream Class to implement SSL.
>
> I am using Wireshark, Version 1.1.2 (SVN Rev 27238).
>
> I am seeing TCP, UDP, HTTP, etc. packets, but no SSL packets.  At a loss.
>
> Also, does Wireshark support TLS?
>
> Thanks in advance.
>
> Lee
>