This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What does this HTTPS request mean?

0

When I make an HTTPS request (for example, GET https://http2katanatest.cloudapp.net:8443/root/index.html, I capture the following data on wireshark:

16 03 01 00 ef 01 00 00 eb 03 03 30 84 c4 29 f2 20 c6 80 97 91 89 c1 78 ...

What is this? This does not seem like HEADER frames. Is it compressed data?

asked 08 Apr '14, 23:08

sufi's gravatar image

sufi
11112
accept rate: 0%

edited 09 Apr '14, 13:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

0

That is a SSL Handshake Client Hello

Use the Decode As Function to tell wireshark to interpret those as SSL

answered 09 Apr '14, 01:08

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

Or add port 8443 to the list of SSL ports

Edit -> Preferences -> Protocols -> HTTP -> SSL/TLS ports

Add 8443 to that list, like this: 443,8443

(09 Apr '14, 13:45) Kurt Knochner ♦