Solved

Finding out if the TLS data was compressed from a wireshark capture

Posted on 2016-10-04
Last Modified: 2016-10-14
Hi,
Following is a TLS record captured in Wireshark...
[Screenshot: Screen-Shot-2016-10-04-at-6.13.56-PM.png]
I read in a book that TLS data should not be compressed, so I wanted to verify if it is getting compressed in my web application.
This is a TLS record of data transferred between my computer and server...
How do I see from the record whether the data is compressed or not?

Also, one thing I don't understand in the capture is that the Encrypted Application Data is different from what is shown in the tab below in Wireshark. Why is that?

Thanks
Question by:Rohit Bajaj
2 Comments
 

Assisted Solution

by:loftyworm
loftyworm earned 250 total points
ID: 41828665
Wireshark is complicated, and unless you really know what you are doing, it can only give a basic idea of what's going on.
How can you tell from the packet capture if the data is being compressed? I don't think you can, not from a capture. There are several problems with this: 1) Packets come in fixed sizes, so even if it was, the packets SHOULD appear the same size. This is not perfectly true, but is for this application. 2) There is nothing to compare it to. You may have a better idea if you collected the entire data stream and were able to determine the size of all the packets together. You may consider turning off TLS and running a before and after capture; this will tell you better, but again, you have to pay attention to the entire stream.

If the application is encrypting the data, then that is not the same as TLS encrypting it again for the network trip. Also, the data may be getting broken into pieces for the packet sizing.

Accepted Solution

by:
giltjr earned 250 total points
ID: 41832603
You can't tell with Wireshark if the TLS data stream is being compressed.

Normally when you see that TLS data should not be compressed, it means that something could not take the packet that the TLS data is in and compress it. This would typically be done using a WAN accelerator device, OR if your web application was directly using TLS to encrypt the data and then using HTTP (not HTTPS) to send the data, and your HTTP server was set up to compress HTTP data.

If this is true, then the web server may be compressing the raw data, then invoking TLS, which encrypts the compressed raw data. Which is O.K. and normal.

My guess is you are not directly encrypting using TLS, and that your application is being accessed using HTTPS.