How to capture mbedtls handshake messages?

asked 2021-03-26 06:35:37 +0000

Hi, I'm using a psoc6 IoT device to connect to IBM Watson using self-signed certificates, but Wireshark is not capturing anything when I'm making the connection, i.e. mbedtls handshake messages like client certificate, server certificate, ciphersuites etc. I tried to put ip.src==xxx.xxx.xx.xx in the filter or tcp.port==8883, but not even a single packet or message is getting captured by Wireshark. Any suggestions regarding this?


Comments

Can you explain your capture setup? We need to know how the IoT device is connecting to IBM and where your Wireshark capturing platform fits in?

grahamb ( 2021-03-26 08:46:11 +0000 )

The IoT device (psoc6) is connected to the IBM cloud IoT platform using an MQTT secure connection at port 8883. So basically I used a certificate to secure the connection, and the cipher suite used was TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. But this is my first time using Wireshark to capture an mbedtls handshake, so I actually don't know how to set up Wireshark properly to capture the mbedtls messages.

Wanglen ( 2021-03-26 09:41:23 +0000 )

Unfortunately that's not the information we need, it's how the various parts are physically connected. Is the IoT device wired to a switch, using WiFi or something else, e.g. LoRa? What are you running Wireshark on and how is that connected to the IoT device?

grahamb ( 2021-03-26 09:44:57 +0000 )

Yeah, so the IoT device is connected to my WiFi and then to the cloud over the internet, so I was hoping to capture it on the WiFi interface in Wireshark by giving my IP address in the filter console as ip.src=xxx.xxx.xx.xx

Wanglen ( 2021-03-26 10:43:37 +0000 )

OK, still missing some info, what is the OS on the machine running Wireshark? You'll need to capture in monitor mode which isn't easy or supported by many WiFi adaptors on Windows.

See the wiki page on WiFi Capture for more info about performing such captures.

grahamb ( 2021-03-26 11:48:52 +0000 )