Thank you for the response. We are connecting over port 5494. I believe this has to do with a SQL server we are using. I will investigate this possibility.

Justin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher
Sent: October 12, 2007 6:34 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] (New to Wireshark) How does wireshark determine what protocol is being used?

On Fri, Oct 12, 2007 at 05:16:08PM -0400, Justin Seto wrote:

> My company is using the Microsoft C++ standard implementation of TLS,
> i.e. plugging in the module, to handle SSL connections. When I use
> wireshark to capture data, it does not detect the SSL packets.
> However, when I read the raw data in the TCP packet, I can see the TLS
> headers in the first bytes of the data payload. Furthermore, there
> seems to be an exchange of certificates.
>
> When I connect to an SSL enabled site over a web browser I can scope
> TLS packets. I would like to see the same thing appear when I scope
> packets from my program. My first question is: how does wireshark
> determine whether a packet is an SSL packet?

Is your company's program using a standard SSL port? Wireshark detects SSL on at least ports 636 (ldap over SSL), 993 (imap over SSL), and 995 (pop over SSL). There is a default setting in the HTTP dissector's preferences to decode port 443 as HTTP over SSL.

Steve

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
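
The manual check described in the thread (TLS headers visible in the first bytes of the TCP payload on a non-standard port) can be automated by validating the record framing instead of the port number. The following is an added example, not part of the original messages and not Wireshark's own code; the function names and the sample payloads are constructed for illustration.

```python
import struct

# Record content types and handshake message types from RFC 5246.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done"}
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length the RFC allows


def parse_tls_records(payload: bytes):
    """Walk a TCP payload as TLS records, ignoring the port number.

    Returns (content_type, version, declared_length, handshake_type) tuples;
    an empty list means the first bytes are not TLS record framing.
    """
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if (ctype not in CONTENT_TYPES or major != 3 or minor > 4
                or length > MAX_RECORD_LEN):
            break  # not a record header: stop at the last valid record
        body = payload[offset + 5:offset + 5 + length]
        hs_type = None
        if ctype == 22 and body:
            # After ChangeCipherSpec the handshake body is encrypted, so an
            # unrecognised type byte is reported rather than rejected.
            hs_type = HANDSHAKE_TYPES.get(body[0], "encrypted_or_unknown")
        records.append((CONTENT_TYPES[ctype], f"3.{minor}", length, hs_type))
        if len(body) < length:
            break  # record continues in the next TCP segment
        offset += 5 + length
    return records


def _record(body: bytes, ctype: int = 22) -> bytes:
    return bytes([ctype, 3, 1]) + struct.pack("!H", len(body)) + body


def _handshake(msg_type: int, content: bytes) -> bytes:
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content


# Constructed sample payloads (not captured traffic).
CLIENT_FLIGHT = _record(_handshake(1, b"\x03\x01" + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00"))
SERVER_FLIGHT = (_record(_handshake(2, b"\x03\x01" + bytes(32) + b"\x00\x00\x2f\x00"))
                 + b"\x16\x03\x01\x04\x00\x0b\x00\x03\xfc")  # certificate record, cut short
PLAINTEXT = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name in ("CLIENT_FLIGHT", "SERVER_FLIGHT", "PLAINTEXT"):
        print(name, parse_tls_records(globals()[name]))
```

A payload that parses as a handshake record carrying a `client_hello` or `server_hello` is a strong sign the stream is TLS regardless of the port it runs on, which is what a port-keyed dissector table cannot tell you.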
