This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problem seeing ssl handshake as a server

0

Hi, I'm quite new to wireshark, so there probably is a simple answer to my question. However I can't seem to find it on my own...

I have two machines - 192.168.0.105 (my laptop running windows7) and 192.168.0.24 (an Ubuntu server). Wireshark runs on my laptop, as well as an Abyss webserver configured to listen to https on port 8080. On the Ubuntu server, I have Apache configured to listen on https on port 443.

When I connect with chrome from my laptop to the Apache server, I see a nice SSL Handshake procedure. However, when I try to do the opposit, i.e. connect with firefox from the Ubuntu machine to my Abyss webserver, I only get TCP traffic. If I type ssl in the filter dialog, it's empty. I still se the page though, and my certificate is in there as shown in the picture.

The reason I ask is that I have an "SSL Handshake problem" error on an embedded thingie I'm programming, and I would really need to troubleshoot this.

I wasn't allowed to upload pictures, but put two screenshots here: Screenshots

asked 09 Dec '14, 00:27

nanne's gravatar image

nanne
16114
accept rate: 0%


One Answer:

2

webserver configured to listen to https on port 8080

Wireshark detects the protocols mainly (but not only) based on the ports. Port 8080 is not associated with SSL traffic, that's the reason why it's shown a TCP.

You have four options:

  • Edit -> Preferences -> Protocols -> HTTP -> SSL/TLS Ports and add 8080 to the list of ports: 443, 8080.

  • right click on any frame with port 8080 and choose "Decode as". Then select "TCP destination (8080)" and "SSL"

  • run your server on port 443 ;-)

  • use DNAT on the target server to translate only C:* -> S:443 to C:* -> S:8080 and then connect to the server via port 443 from the client ;-))))))))

Regards
Kurt

answered 09 Dec '14, 02:08

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 Dec '14, 02:12

Thank you! Number 1 did indeed solve the problem. As I am sure that the other more or less serious suggestions would do, now that I understand what's going on :-)

(09 Dec '14, 04:32) nanne

@nanne

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(09 Dec '14, 06:20) grahamb ♦

As I am sure that the other more or less serious suggestions would do,

They are all serious suggestions! ;-) Just more work than the easy one :-)

Regards
Kurt

(09 Dec '14, 06:34) Kurt Knochner ♦