This is our old Q&A Site. Please post any new questions and answers at


Dear Wireshark Technicians and skilled users of Wireshark

I want to ask you on here , what is up with not seeing https in the new version 1.12.0 ? I am by any means no expert. I was instructed how I can check on my DNS if it is constantly encrypted. Wireshark version 1.10.8 did show me alwys https , everytime I enabled the DNS to be encrypted. I really want to reinstall this 1.12.0 , but before I do I want to ask you on here what the hell ..ah I start get frustrated sorry, everytime something not working or some changes that one must spend more life time. All I see is this:

60 who has .....(light pink background)

HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok (black backgroung,red writing)

TCP 60 443 49363 [RST] (darkred background, yellow writing)

TLSV1 91 Encrypted Alert (Light gray background, black writing) this appears like only 2 times out of this crazy long list.

This was not like before. What happened here. according to this my DNS is not encrypted or what? Encryption is turned on. I am running this on Win7. Can someone reply with some decent Information pleace why the new Version of Wireshark 1.12.0 do this? I really do not want update nothing anymore.I know what i am going to do , but please I think I want to ask here before I do what I have in mind.

Thank you ! I appreciate your help!

asked 01 Sep '14, 09:34

httpsnotshown1120's gravatar image

accept rate: 0%

edited 01 Sep '14, 09:37

We'd have to see a sample capture to see what's happening, but if Wireshark says "HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok", then either that traffic was NOT https (i.e., it was HTTP-directly-over-TCP, not HTTP-over-SSL/TLS-over-TCP), or it was un-encrypted SSL/TLS, or Wireshark had been configured to decrypt the traffic and was doing so.

I.e., either it wasn't encrypted, or Wireshark was decrypting it. In that packet, either there's an SSL/TLS layer, in which case it was over SSL/TLS but was either not encrypted or was being decrypted by Wireshark, or there's no SSL/TLS layer, in which case it wasn't even going over SSL/TLS. If it was encrypted and was being decrypted by Wireshark, the hex dump pane should, I think, have both a tab showing the encrypted data and another tab showing the decrypted data.

permanent link

answered 01 Sep '14, 15:25

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

edited 01 Sep '14, 15:27

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 01 Sep '14, 09:34

question was seen: 3,333 times

last updated: 01 Sep '14, 15:27

p​o​w​e​r​e​d by O​S​Q​A