This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

1.12.0 does not show me https

0

Hello

Dear Wireshark Technicians and skilled users of Wireshark

I want to ask you on here , what is up with not seeing https in the new version 1.12.0 ? I am by any means no expert. I was instructed how I can check on my DNS if it is constantly encrypted. Wireshark version 1.10.8 did show me alwys https , everytime I enabled the DNS to be encrypted. I really want to reinstall this 1.12.0 , but before I do I want to ask you on here what the hell ..ah I start get frustrated sorry, everytime something not working or some changes that one must spend more life time. All I see is this:

60 who has .....(light pink background)

HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok (black backgroung,red writing)

TCP 60 443 49363 [RST] (darkred background, yellow writing)

TLSV1 91 Encrypted Alert (Light gray background, black writing) this appears like only 2 times out of this crazy long list.

This was not like before. What happened here. according to this my DNS is not encrypted or what? Encryption is turned on. I am running this on Win7. Can someone reply with some decent Information pleace why the new Version of Wireshark 1.12.0 do this? I really do not want update nothing anymore.I know what i am going to do , but please I think I want to ask here before I do what I have in mind.

Thank you ! I appreciate your help!

asked 01 Sep '14, 09:34

httpsnotshown1120's gravatar image

httpsnotshow...
1112
accept rate: 0%

edited 01 Sep '14, 09:37


One Answer:

0

We'd have to see a sample capture to see what's happening, but if Wireshark says "HTTP 496 [TCP Retransmission] HTTP/1.1 200 ok", then either that traffic was NOT https (i.e., it was HTTP-directly-over-TCP, not HTTP-over-SSL/TLS-over-TCP), or it was un-encrypted SSL/TLS, or Wireshark had been configured to decrypt the traffic and was doing so.

I.e., either it wasn't encrypted, or Wireshark was decrypting it. In that packet, either there's an SSL/TLS layer, in which case it was over SSL/TLS but was either not encrypted or was being decrypted by Wireshark, or there's no SSL/TLS layer, in which case it wasn't even going over SSL/TLS. If it was encrypted and was being decrypted by Wireshark, the hex dump pane should, I think, have both a tab showing the encrypted data and another tab showing the decrypted data.

answered 01 Sep '14, 15:25

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

edited 01 Sep '14, 15:27