How to capture mbedtls handshake messages?
Hi, I'm using a PSoC 6 IoT device to connect to IBM Watson using self-signed certificates, but Wireshark is not capturing anything when I'm making the connection, i.e. mbedtls handshake messages like client certificate, server certificate, ciphersuites etc. I tried to put ip.src==xxx.xxx.xx.xx in the filter or tcp.port==8883, but not even a single packet or message is getting captured by Wireshark. Any suggestions regarding this?
Can you explain your capture setup? We need to know how the IoT device is connecting to IBM and where your Wireshark capturing platform fits in.
The IoT device (PSoC 6) is connected to the IBM Cloud IoT platform using an MQTT secure connection at port 8883. So basically I used a certificate to secure the connection, and the cipher suite used was TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. But this is my first time using Wireshark to capture an mbedtls handshake, so I actually don't know how to set up Wireshark properly to capture the mbedtls messages.
Unfortunately that's not the information we need, it's how the various parts are physically connected. Is the IoT device wired to a switch, using WiFi or something else, e.g. LoRa? What are you running Wireshark on and how is that connected to the IoT device?
Yeah, so the IoT device is connected to my WiFi, then to the cloud over the internet, so I was hoping to capture it on the WiFi interface in Wireshark by giving my IP address in the filter console as ip.src=xxx.xxx.xx.xx
OK, still missing some info, what is the OS on the machine running Wireshark? You'll need to capture in monitor mode which isn't easy or supported by many WiFi adaptors on Windows.
See the wiki page on WiFi Capture for more info about performing such captures.