Hello Friends. Also searching for the reason for the below warning.
asked 03 May '16, 14:51 jimmy2016
One Answer:
1) The dissector saw an ACK in the TCP stream for a segment it didn't see come by in that stream. A common occurrence when a capture is started on an already opened TCP stream; the segment has gone by before the capture started, and once it was, the ACK for that segment was captured.

2) TCP port 443 is associated with HTTPS. Seeing HTTP traffic on that port could be an indication of misconfiguration of the web server involved, serving unprotected content.

answered 03 May '16, 15:21 Jaap ♦
Hi,
Thanks for the prompt reply!
What is the possible solution to fix the issue due to point #2 (2. "HTTP: Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration")?
It depends on how the client has got the information that it should send HTTP requests to server TCP port 443 rather than the usual 80 or (also frequently used) 8080. If it was manually entered (http://my.site.org:443), it is not a matter of configuration at all; if the client has first sent a DNS SRV query for the HTTP service for that FQDN (which is rather a theoretical case), the DNS response could have indicated that port. Or the initial HTTP request could have been sent to the "well-known" port 80 but the server (or load balancer in front of it) could have responded to such a request with a 302 redirection, indicating a new URL with "http://" (not "https://") but with port 443 specified.
The Wireshark capture should give you the answer as to which of the variants is true, as you should see there the whole process (the DNS query and response, the initial HTTP GET and the response to it, etc.)
Looking at both your Questions, they resemble a homework assignment to me.
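An added example, not part of the original thread: the two checks discussed above (plaintext HTTP instead of a TLS record on port 443, and a 3xx response whose Location is "http://" with port 443) written as Python over constructed payloads. The function names and the sample bytes are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

def classify_payload(data: bytes) -> str:
    """Classify the first TCP payload bytes of a connection (e.g. on port 443)."""
    # TLS record header: content type 20-23, version 0x03 0x00..0x04, 2-byte length
    if len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4:
        return "tls"
    # Plaintext HTTP: a request line or a status line
    if data.startswith(HTTP_METHODS) or data.startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def redirect_to_plaintext_443(response: bytes) -> Optional[str]:
    """Return the Location URL if a 3xx response points to http://host:443."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[1].startswith("3"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "location":
            continue
        try:
            url = urlsplit(value.strip())
            if url.scheme == "http" and url.port == 443:
                return value.strip()
        except ValueError:  # malformed port in the URL
            return None
    return None

# Constructed sample payloads (not taken from a real capture)
SAMPLE_GET = b"GET /login HTTP/1.1\r\nHost: my.site.org:443\r\n\r\n"
SAMPLE_CLIENT_HELLO = bytes.fromhex("1603010200") + b"\x01\x00\x01\xfc"
SAMPLE_302 = (b"HTTP/1.1 302 Found\r\n"
              b"Location: http://my.site.org:443/login\r\n"
              b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(classify_payload(SAMPLE_GET), classify_payload(SAMPLE_CLIENT_HELLO))
    print(redirect_to_plaintext_443(SAMPLE_302))
```

A redirect that passes this check should be rewritten on the server or load balancer to use "https://".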