WS02=test workstation w/ MMA Windows 7 Pro How do I view the TLS handshake messages without decrypting the traffic? This is done using the decode function in Wireshark.
Again, not interested in decrypting the traffic, just want to see the SSL messages when the client connects to the server. I can't see any of the TLS handshake messages. I believe I'm getting the same data between Wireshark and MMA I just needed to learn how to read the interface - the 3 way TCP handshake was staring me right in the face so I'm no longer confused with what I'm reading. My apologies, I feel like I'm missing something fundamental about the UI here. Like maybe a "Viewpoint" thing but it honestly makes no sense to me when I compare a pcap next to a capture from MMA. In my case, I'm not trying to decrypt the data - I just want to see the messages as they come through, verify TLS version, certificate, cipher suite, etc. Regardless of how the messages appear in the UI, I don't see any of the TLS handshake data. MMA, it doesn't appear like how I'm used to seeing in Wireshark. I would expect to see a SYN > SYN/ACK > SYN but I think because of the "tree" layout in In other words, I see 4 messages from client to server and then right after, I see another 4 messages from server to client. When I take a capture on the remote server using Microsoft Message Analyzer, the traffic When I run wireshark on the host I'm using the RDP client on, I can see the standard TCP 3-way handshake - everything is in order and looks "normal" to me. Videos but I'm having trouble breaking away from my Wireshark line of thinking
I know I must be missing something extremely fundemental here. The messages show up as TCP in the Module column however, I don't see the TLS handshake at all. I can see the 3389 traffic when I filter by that port (or other means).
0 kommentar(er)
