?
Solved

Finding out if the TLS data was compressed from a wireshark capture

Posted on 2016-10-04
2
Medium Priority
?
100 Views
Last Modified: 2016-10-14
Hi,
Following is a TLS record captured in the wireshark...
Screen-Shot-2016-10-04-at-6.13.56-PM.pngI read in a book that TLS data should not be compressed so wanted to verify if it is getting compressed in my web application.
This is a TLS record of data transfered between my computer and server...
How do i see from the record that the data is compressed or not ?

Also one thing i dont understand in the capture is that the Encrypted application data is different from what is shown in the below tab of wireshark . Why is that ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Assisted Solution

by:loftyworm
loftyworm earned 1000 total points
ID: 41828665
Wire shark is complicated, and unless you really know what you are doing, can only give basic idea of what's going on.
How can you tell from the packet capture if the data is being compressed?  I don' think you can, not from a capture.  1) Several problems with this; packets come in fixed sizes, so even if it was the packets SHOULD appear the same size.  This is not perfectly true, but is for this application. 2) there is nothing to compare it to.  You may have a better idea if you collected the entire data stream, and where able to determine the size of all the packets together.  You may consider turning OF TLS, and running a before and after capture, this will tell you better, but again, you have to pay attention to the entire stream.

If the Application is encrypting the data, then that is not the same as TLS encrypting it again for the network trip.  Also, the data may be getting broken into pieces for the packet sizing.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1000 total points
ID: 41832603
You can't tell with Wireshark if the TLS data stream is being compressed.

Normally when see that TLS data should not be compressed it means that something could  not take the packet that the TLS data is in and compress it.  This would typically be done using a WAN accelerator device, OR, if your web application was directly using TLS  to encrypted the data and then using http (not https) to send the data and your http server was setup to compress http data.

If this is true, then the web server may be compressing the raw data, then invoking TSL which encrypts the compressed raw data.  Which  is O.K. and normal.

My guess is you are not directly encrypting usint TLS that your application is being accessed using HTTPS.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question