Solved

Finding out if the TLS data was compressed from a wireshark capture

Posted on 2016-10-04
2
75 Views
Last Modified: 2016-10-14
Hi,
Following is a TLS record captured in the wireshark...
Screen-Shot-2016-10-04-at-6.13.56-PM.pngI read in a book that TLS data should not be compressed so wanted to verify if it is getting compressed in my web application.
This is a TLS record of data transfered between my computer and server...
How do i see from the record that the data is compressed or not ?

Also one thing i dont understand in the capture is that the Encrypted application data is different from what is shown in the below tab of wireshark . Why is that ?

Thanks
0
Comment
Question by:Rohit Bajaj
2 Comments
 
LVL 11

Assisted Solution

by:loftyworm
loftyworm earned 250 total points
ID: 41828665
Wire shark is complicated, and unless you really know what you are doing, can only give basic idea of what's going on.
How can you tell from the packet capture if the data is being compressed?  I don' think you can, not from a capture.  1) Several problems with this; packets come in fixed sizes, so even if it was the packets SHOULD appear the same size.  This is not perfectly true, but is for this application. 2) there is nothing to compare it to.  You may have a better idea if you collected the entire data stream, and where able to determine the size of all the packets together.  You may consider turning OF TLS, and running a before and after capture, this will tell you better, but again, you have to pay attention to the entire stream.

If the Application is encrypting the data, then that is not the same as TLS encrypting it again for the network trip.  Also, the data may be getting broken into pieces for the packet sizing.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 41832603
You can't tell with Wireshark if the TLS data stream is being compressed.

Normally when see that TLS data should not be compressed it means that something could  not take the packet that the TLS data is in and compress it.  This would typically be done using a WAN accelerator device, OR, if your web application was directly using TLS  to encrypted the data and then using http (not https) to send the data and your http server was setup to compress http data.

If this is true, then the web server may be compressing the raw data, then invoking TSL which encrypts the compressed raw data.  Which  is O.K. and normal.

My guess is you are not directly encrypting usint TLS that your application is being accessed using HTTPS.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now