We have built a WCF Self-Hosted application that has a SSL cert attached to port 15014. All of that works like it should but it seems that i want to make sure i truly see the SSL handshake so I captured soem packets and what worries me is that it only hsows TCP and no SSLv?. IF i am trying to go to https://servername:15014 and should it not show some sort of SSL functionality in wireshark and not just TCP? Thanks asked 28 Jan '13, 12:26  cptkirkh |
One Answer:
Since you are running SSL on a non-standard SSL port, Wireshark does not know that it should interpret the packets as SSL. You can use "Decode As..." (rightclick on a packet) to tell Wireshark to interpret port 15014 as SSL. answered 28 Jan '13, 12:44  SYN-bit ♦♦ |
yes but why can i see inside the packet to the data being transmitted if i don't have the private key installed in Wireshark for decryption? Is this really secure if i can read the commands he is sending in plain text?
Which data do you see unencrypted? The certificate is being sent before encryption starts. Do you see other data unencrypted? Are you able to post an example to www.cloudshark.org?