This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

When I make an HTTPS request (for example, GET https://http2katanatest.cloudapp.net:8443/root/index.html, I capture the following data on wireshark:

16 03 01 00 ef 01 00 00 eb 03 03 30 84 c4 29 f2 20 c6 80 97 91 89 c1 78 ...

What is this? This does not seem like HEADER frames. Is it compressed data?

asked 08 Apr '14, 23:08

sufi's gravatar image

sufi
11112
accept rate: 0%

edited 09 Apr '14, 13:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237


That is a SSL Handshake Client Hello

Use the Decode As Function to tell wireshark to interpret those as SSL

permanent link

answered 09 Apr '14, 01:08

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

Or add port 8443 to the list of SSL ports

Edit -> Preferences -> Protocols -> HTTP -> SSL/TLS ports

Add 8443 to that list, like this: 443,8443

(09 Apr '14, 13:45) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×69

question asked: 08 Apr '14, 23:08

question was seen: 2,435 times

last updated: 09 Apr '14, 13:47

p​o​w​e​r​e​d by O​S​Q​A