Hello dear Wireshark technicians and skilled users of Wireshark,

I want to ask you here: what is up with not seeing https in the new version 1.12.0? I am by no means an expert. I was instructed how I can check on my DNS if it is constantly encrypted. Wireshark version 1.10.8 always showed me https, every time I enabled the DNS to be encrypted. I really want to reinstall this 1.12.0, but before I do I want to ask you here what the hell... ah, I am starting to get frustrated, sorry; every time something is not working or something changes, one must spend more of one's lifetime.

All I see is this:

60 who has ..... (light pink background)
HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok (black background, red writing)
TCP 60 443 49363 [RST] (dark red background, yellow writing)
TLSV1 91 Encrypted Alert (light gray background, black writing)

This appears only about 2 times in this crazy long list. It was not like this before. What happened here? According to this, my DNS is not encrypted, or what? Encryption is turned on. I am running this on Win7.

Can someone please reply with some decent information on why the new version of Wireshark, 1.12.0, does this? I really do not want to update anything anymore. I know what I am going to do, but I think I want to ask here before I do what I have in mind.

Thank you! I appreciate your help!

asked 01 Sep '14, 09:34 httpsnotshow... edited 01 Sep '14, 09:37
One Answer:
We'd have to see a sample capture to see what's happening, but if Wireshark says "HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok", then either that traffic was NOT https (i.e., it was HTTP-directly-over-TCP, not HTTP-over-SSL/TLS-over-TCP), or it was un-encrypted SSL/TLS, or Wireshark had been configured to decrypt the traffic and was doing so. I.e., either it wasn't encrypted, or Wireshark was decrypting it.

In that packet, either there's an SSL/TLS layer, in which case it was over SSL/TLS but was either not encrypted or was being decrypted by Wireshark, or there's no SSL/TLS layer, in which case it wasn't even going over SSL/TLS.

If it was encrypted and was being decrypted by Wireshark, the hex dump pane should, I think, have both a tab showing the encrypted data and another tab showing the decrypted data.

answered 01 Sep '14, 15:25 Guy Harris edited 01 Sep '14, 15:27
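
The layer check described in the answer above can be run over a whole capture instead of one packet at a time. The following is an added example, not part of the original question or answer: it sorts each frame by its protocol stack (Wireshark's `frame.protocols` field) into the cases the answer lists. The sample rows and verdict names are constructed for illustration.

```python
# Constructed input: frame number and frame.protocols per packet, tab-separated, in the
# shape printed by `tshark -r <file> -T fields -e frame.number -e frame.protocols`.
SAMPLE = (
    "1\teth:ethertype:arp\n"              # ARP "who has", unrelated to HTTP/TLS
    "2\teth:ethertype:ip:tcp:http\n"      # HTTP directly over TCP
    "3\teth:ethertype:ip:tcp\n"           # bare TCP segment, e.g. a RST
    "4\teth:ethertype:ip:tcp:ssl\n"       # TLS record, contents not dissected
    "5\teth:ethertype:ip:tcp:ssl:http\n"  # HTTP dissected on top of TLS
    "6\teth:ethertype:ip:tcp:http:ssl\n"  # constructed edge case: HTTP below TLS
)

# The SSL/TLS dissector is named "ssl" in older Wireshark releases and "tls" in newer ones.
TLS_LAYERS = {"ssl", "tls"}


def classify(protocols):
    """Map one frame.protocols string to one of the cases from the answer."""
    layers = protocols.strip().split(":")
    tls_at = next((i for i, name in enumerate(layers) if name in TLS_LAYERS), None)
    if tls_at is None:
        # No SSL/TLS layer at all: the traffic was not going over SSL/TLS.
        return "http-without-tls" if "http" in layers else "no-http-or-tls"
    if "http" in layers[tls_at + 1:]:
        # HTTP visible above TLS: unencrypted TLS, or Wireshark is decrypting it.
        return "http-readable-inside-tls"
    # TLS layer present and nothing readable above it: payload is still encrypted.
    return "tls-payload-opaque"


def summarize(text):
    """Group frame numbers by verdict for a block of tab-separated rows."""
    verdicts = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue  # skip blank or malformed rows
        number, protocols = line.split("\t", 1)
        verdicts.setdefault(classify(protocols), []).append(int(number))
    return verdicts


if __name__ == "__main__":
    for verdict, frames in summarize(SAMPLE).items():
        print(f"{verdict}: frames {frames}")
```

Frames reported as `http-without-tls` are the ones to inspect first when checking whether traffic expected to be encrypted is leaving in cleartext.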